Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin prior to 1.0.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the cal parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
codepeople payment form for paypal pro |