Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25713
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Fullworksplugins Quick Paypal Payments
5
CVSSv2
CVE-2005-0936
Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Esmi Paypal Storefront 1.7
1 EDB exploit
NA
CVE-2023-1554
The Quick Paypal Payments WordPress plugin prior to 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example ...
Fullworksplugins Quick Paypal Payments
5.8
CVSSv2
CVE-2012-5790
PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitra...
Paypal Payments Standard 20120427
NA
CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) prior to 6.0.2 allows XSS via HTML entities.
Paypal Braintree\\/sanitize-url
4.3
CVSSv2
CVE-2015-9373
PayPal Pro Add-on for iThemes Exchange prior to 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Webdevstudios Ithemes Paypal Pro
NA
CVE-2022-3983
The Checkout for PayPal WordPress plugin prior to 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Noorsplugin Checkout For Paypal
NA
CVE-2023-23889
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Fullworksplugins Quick Paypal Payments
NA
CVE-2023-22686
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions.
Trinitronic Nice Paypal Button Lite
4.3
CVSSv2
CVE-2017-6099
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote malicious users to inject arbitrary web script or HTML via the token parameter.
Paypal Merchant-sdk-php 3.9.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »