Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal - vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2013-7202
The WebHybridClient class in PayPal 5.3 and previous versions for Android allows remote malicious users to execute arbitrary JavaScript on the system.
Paypal Paypal
516
VMScore
CVE-2013-7201
WebHybridClient.java in PayPal 5.3 and previous versions for Android ignores SSL errors, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information.
Paypal Paypal
516
VMScore
CVE-2012-5802
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certifi...
Ubercart Ubercart -
Paypal Paypal -
383
VMScore
CVE-2014-10067
paypal-ipn prior to 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application wh...
Paypal-ipn Project Paypal-ipn
516
VMScore
CVE-2012-5796
The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid c...
Oscommerce Oscommerce -
Paypal Paypal Pro -
605
VMScore
CVE-2013-2705
Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin prior to 3.6 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change plugin settings.
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.1
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.5
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.3
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.1
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.2.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.6
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.4
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.9
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.8
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 1.7
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.2
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 3.3.0
Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart 2.4
NA
CVE-2023-23785
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions.
Exquisite Paypal Donation Project Exquisite Paypal Donation
NA
CVE-2023-0535
The Donation Block For PayPal WordPress plugin prior to 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross...
Donation Block For Paypal Project Donation Block For Paypal
445
VMScore
CVE-2012-2058
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote malicious users to forge payments via unspecified vectors.
Paypal Ubercart Payflow -
258
VMScore
CVE-2010-4211
The PayPal app prior to 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle malicious users to spoof a PayPal web server via an arbitrary certificate.
Ebay Paypal
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »