Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2005-0898
Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote malicious users to inject arbitrary web script or HTML via the txn_id parameter.
Magicscripts E-store Kit-2 Paypal
NA
CVE-2023-1431
The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location (/wp-content/plugins/wordpress-simple-paypal-shopping-car...
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart
NA
CVE-2022-4672
The WordPress Simple Shopping Cart WordPress plugin prior to 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart
5.8
CVSSv2
CVE-2012-5798
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitr...
Paypal Payflow Pro Express Checkout -
Oscommerce Oscommerce -
NA
CVE-2023-6497
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart
5.8
CVSSv2
CVE-2012-5806
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary ...
Zen-cart Zen Cart -
Paypal Payments Pro -
NA
CVE-2023-0275
The Easy Accept Payments for PayPal WordPress plugin prior to 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store...
Tipsandtricks-hq Easy Accept Payments For Paypal
6.8
CVSSv2
CVE-2019-5992
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and previous versions allows remote malicious users to hijack the authentication of administrators via unspecified vectors.
Ultra-prod Wordpress Ultra Simple Paypal Shopping Cart
5.8
CVSSv2
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary va...
Zen-cart Zen Cart -
Paypal Instant Payment Notification -
5.8
CVSSv2
CVE-2012-5797
The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary...
Oscommerce Oscommerce -
Brian Burton Paypal Pro Payflow Module -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »