Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2005-0897
PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote malicious users to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code.
Magicscripts E-store Kit-2 Paypal
4.3
CVSSv2
CVE-2005-0898
Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote malicious users to inject arbitrary web script or HTML via the txn_id parameter.
Magicscripts E-store Kit-2 Paypal
NA
CVE-2022-4628
The Easy PayPal Buy Now Button WordPress plugin prior to 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cros...
Wpplugin Easy Paypal Buy Now Button
4.3
CVSSv2
CVE-2019-14784
The "CP Contact Form with PayPal" plugin prior to 1.2.98 for WordPress has XSS in CSS edition.
Codepeople Cp Contact Form With Paypal
4.3
CVSSv2
CVE-2015-7666
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitr...
Codepeople Payment Form For Paypal Pro
4
CVSSv2
CVE-2019-7441
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it ...
Woocommerce Paypal Checkout Payment Gateway 1.6.8
1 EDB exploit
5.8
CVSSv2
CVE-2012-5795
The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary val...
Oscommerce Oscommerce -
Akunamachata Paypal Express Module -
5
CVSSv2
CVE-2019-14979
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it...
Woocommerce Paypal Checkout Payment Gateway 1.6.17
6.8
CVSSv2
CVE-2015-9233
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin prior to 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
Codepeople Cp Contact Form With Paypal
6.5
CVSSv2
CVE-2015-9234
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin prior to 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
Cfpaypal Cp Contact Form With Paypal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »