Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-47239
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Paterson Easy PayPal Shopping Cart plugin <= 1.1.10 versions.
Wpplugin Easy Paypal Shopping Cart
4.3
CVSSv2
CVE-2021-24572
The Accept Donations with PayPal WordPress plugin prior to 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result...
Wpplugin Accept Donations With Paypal
4.3
CVSSv2
CVE-2021-24570
The Accept Donations with PayPal WordPress plugin prior to 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Fu...
Wpplugin Accept Donations With Paypal
3.5
CVSSv2
CVE-2021-24815
The Accept Donations with PayPal WordPress plugin prior to 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Wpplugin Accept Donations With Paypal
NA
CVE-2022-3822
The Donations via PayPal WordPress plugin prior to 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in m...
Tipsandtricks-hq Donations Via Paypal
NA
CVE-2023-22686
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions.
Trinitronic Nice Paypal Button Lite
4.3
CVSSv2
CVE-2021-24989
The Accept Donations with PayPal WordPress plugin prior to 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing malicious users to make a logged in admin delete arbitrary posts from the blog
Wpplugin Accept Donations With Paypal
4.3
CVSSv2
CVE-2017-6099
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote malicious users to inject arbitrary web script or HTML via the token parameter.
Paypal Merchant-sdk-php 3.9.1
4.3
CVSSv2
CVE-2017-6217
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code execution
Paypal Adaptive Payments Sdk 3.9.2
NA
CVE-2023-24405
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
Wpplugin Paypal \\& Stripe Add-on
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »