Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-0897
PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote malicious users to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code.
Magicscripts E-store Kit-2 Paypal
NA
CVE-2005-0898
Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote malicious users to inject arbitrary web script or HTML via the txn_id parameter.
Magicscripts E-store Kit-2 Paypal
5.4
CVSSv3
CVE-2022-4628
The Easy PayPal Buy Now Button WordPress plugin prior to 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cros...
Wpplugin Easy Paypal Buy Now Button
6.1
CVSSv3
CVE-2019-14784
The "CP Contact Form with PayPal" plugin prior to 1.2.98 for WordPress has XSS in CSS edition.
Codepeople Cp Contact Form With Paypal
6.1
CVSSv3
CVE-2015-7666
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitr...
Codepeople Payment Form For Paypal Pro
6.5
CVSSv3
CVE-2019-7441
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it ...
Woocommerce Paypal Checkout Payment Gateway 1.6.8
1 EDB exploit
NA
CVE-2012-5795
The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary val...
Oscommerce Oscommerce -
Akunamachata Paypal Express Module -
5.3
CVSSv3
CVE-2019-14979
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it...
Woocommerce Paypal Checkout Payment Gateway 1.6.17
8.8
CVSSv3
CVE-2015-9233
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin prior to 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
Codepeople Cp Contact Form With Paypal
7.2
CVSSv3
CVE-2015-9234
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin prior to 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
Cfpaypal Cp Contact Form With Paypal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »