Vulnerabilities and security researches forquick-paypal-payments quick-paypal-payments

Jun 07, 2024

CVE, Research URL: CVE-2023-25713
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Apr 07, 2023
Research Description: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-23889
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Apr 26, 2023
Research Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: ac75eee981d9a39ebfc49b2f195b66fece1462da
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Feb 28, 2022
Research Description: Quick Paypal Payments [quick-paypal-payments] < 5.7.26 WordPress Quick Paypal Payments plugin < 5.7.22 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress Quick Paypal Payments plugin (versions < 5.7.22).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-25702
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Apr 07, 2023
Research Description: Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-1554
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: May 02, 2023
Research Description: The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-25714
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Sep 06, 2025

CVE, Research URL: CVE-2025-27003
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Sep 05, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments allows Cross Site Request Forgery. This issue affects Quick Paypal Payments: from n/a through 5.7.46.
Affected versions: Min -, max -.
Status: vulnerable