Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-28843
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote malicious user to gain p...
202-ecommerce Paypal
9.8
CVSSv3
CVE-2022-21129
Versions of the package nemo-appium prior to 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-app...
Paypal Nemo-appium
9.8
CVSSv3
CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin prior to 1.1.65 for WordPress allows SQL Injection.
Ithemes Paypal Pro
9.8
CVSSv3
CVE-2018-18800
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
Tubigan Welcome To Our Resort 1.0
1 EDB exploit
8.8
CVSSv3
CVE-2023-6187
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticat...
Strangerstudios Paid Memberships Pro
8.8
CVSSv3
CVE-2023-24405
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
Wpplugin Paypal \\& Stripe Add-on
8.8
CVSSv3
CVE-2023-35917
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
Woocommerce Paypal Payments
8.8
CVSSv3
CVE-2023-22686
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions.
Trinitronic Nice Paypal Button Lite
8.8
CVSSv3
CVE-2021-24620
The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin up to and including 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSR...
Simple-e-commerce-shopping-cart Project Simple-e-commerce-shopping-cart
8.8
CVSSv3
CVE-2019-5992
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and previous versions allows remote malicious users to hijack the authentication of administrators via unspecified vectors.
Ultra-prod Wordpress Ultra Simple Paypal Shopping Cart
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »