Vulnerabilities and security researches forquick-paypal-payments quick-paypal-payments

Direction: ascending

Jun 07, 2024

Quick Paypal Payments # CVE-2023-25713

CVE, Research URL: CVE-2023-25713
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Apr 07, 2023
Research Description: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Affected versions: max 5.7.26.
Status: vulnerable

Quick Paypal Payments # CVE-2023-23889

CVE, Research URL: CVE-2023-23889
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Apr 26, 2023
Research Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Affected versions: max 5.7.26.
Status: vulnerable

Quick Paypal Payments # ac75eee981d9a39ebfc49b2f195b66fece1462da

CVE, Research URL: ac75eee981d9a39ebfc49b2f195b66fece1462da
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Feb 28, 2022
Research Description: Quick Paypal Payments [quick-paypal-payments] < 5.7.22 WordPress Quick Paypal Payments plugin < 5.7.22 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress Quick Paypal Payments plugin (versions < 5.7.22).
Affected versions: max 5.7.22.
Status: vulnerable

Quick Paypal Payments # CVE-2023-25702

CVE, Research URL: CVE-2023-25702
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Apr 07, 2023
Research Description: Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Affected versions: max 5.7.26.
Status: vulnerable

Quick Paypal Payments # CVE-2023-1554

CVE, Research URL: CVE-2023-1554
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: May 02, 2023
Research Description: The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 5.7.26.4.
Status: vulnerable

Jun 10, 2024

Quick Paypal Payments # CVE-2023-25714

CVE, Research URL: CVE-2023-25714
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25.
Affected versions: max 5.7.26.
Status: vulnerable

Nov 15, 2024

Quick Paypal Payments # CVE-2022-4974

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 5.7.22.
Status: vulnerable

Sep 06, 2025

Quick Paypal Payments # CVE-2025-27003

CVE, Research URL: CVE-2025-27003
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Sep 05, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through <= 5.7.46.
Affected versions: max 5.7.47.
Status: vulnerable

Jun 13, 2026

Quick Paypal Payments # CVE-2023-33999

CVE, Research URL: CVE-2023-33999
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Jun 11, 2026
Research Description: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
Affected versions: max 5.7.29.
Status: vulnerable

Jun 16, 2026

Quick Paypal Payments # 9361b71637bede9f86f9b8e7ae1908d62a5ef31c

CVE, Research URL: 9361b71637bede9f86f9b8e7ae1908d62a5ef31c
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: May 15, 2015
Research Description: Quick Paypal Payments [quick-paypal-payments] < 3.1 WordPress Quick Paypal Payments Plugin <= 3.0 - Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. This plugin is not fixed.
Affected versions: max 3.1.
Status: vulnerable

Quick Paypal Payments # 6d8910c719b2a132ec93828cd37e418b19cac960

CVE, Research URL: 6d8910c719b2a132ec93828cd37e418b19cac960
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Mar 04, 2022
Research Description: Quick Paypal Payments [quick-paypal-payments] < 5.7.22 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 5.7.22.
Status: vulnerable

Quick Paypal Payments # 687d78df7bf1589193db1c931abb3c12142e1a6a

CVE, Research URL: 687d78df7bf1589193db1c931abb3c12142e1a6a
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Feb 10, 2023
Research Description: Quick Paypal Payments [quick-paypal-payments] < 5.7.26 Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting The Quick Paypal Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings through several parameters (blurb, comboboxword, comboboxlabel, shortcodeamount, postagepercent, postagefixed, couponref, couponbutton, minamount, recurringhowmany, Dperiod, Wperiod, Mperiod, Yperiod, every, quantitymaxblurb, min, max, initial, step) in versions up to, and including, 5.7.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 5.7.26.
Status: vulnerable

Quick Paypal Payments # 43aed989204b22d7d17d9eef7b521d26d569a905

CVE, Research URL: 43aed989204b22d7d17d9eef7b521d26d569a905
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Oct 18, 2013
Research Description: Quick Paypal Payments [quick-paypal-payments] < 3.1 Quick Paypal Payments < 3.1 - Cross-Site Scripting The Quick Paypal Payments plugin for WordPress is vulnerable to Cross-Site Scripting via the 'reference' and 'amount' parameters in versions before 3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions: max 3.1.
Status: vulnerable

Quick Paypal Payments # 694ee69b4de310131233fa748c67a0df9010292f

CVE, Research URL: 694ee69b4de310131233fa748c67a0df9010292f
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Feb 28, 2022
Research Description: Quick Paypal Payments [quick-paypal-payments] < 5.7.22 WordPress Quick Paypal Payments plugin < 5.7.22 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress Quick Paypal Payments plugin (versions < 5.7.22).
Affected versions: max 5.7.22.
Status: vulnerable

Quick Paypal Payments # 0c8defc88e31a93d8287c9fd4c5b971fc9dd6b56

CVE, Research URL: 0c8defc88e31a93d8287c9fd4c5b971fc9dd6b56
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Mar 27, 2023
Research Description: Quick Paypal Payments [quick-paypal-payments] < 5.7.26.4 Quick Paypal Payments <= 5.7.26.3 - Authenticated (Administrator+) Stored Cross-Site Scripting The Quick Paypal Payments for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.7.26.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 5.7.26.4.
Status: vulnerable

Quick Paypal Payments # c51010c0967ededc8679155b783a7ec559e6f866

CVE, Research URL: c51010c0967ededc8679155b783a7ec559e6f866
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Mar 29, 2023
Research Description: Quick Paypal Payments [quick-paypal-payments] < 5.7.26.4 WordPress Quick Paypal Payments Plugin <= 5.7.26.3 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Quick Paypal Payments plugin to the latest available version (at least 5.7.26.4). Unknown discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Quick Paypal Payments Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 5.7.26.4.
Affected versions: max 5.7.26.4.
Status: vulnerable

Quick Paypal Payments # 242b9d05aed641f1adb78b58ae95e654f9637041

CVE, Research URL: 242b9d05aed641f1adb78b58ae95e654f9637041
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: May 15, 2023
Research Description: Quick Paypal Payments [quick-paypal-payments] < 3.1 WordPress Quick Paypal Payments Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS) This plugin is not fixed. An unknown person discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Quick Paypal Payments Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.1.
Affected versions: max 3.1.
Status: vulnerable

Quick Paypal Payments # 6ead0d6426d04ab847d3de5d529cc61bb8fd8ce8

CVE, Research URL: 6ead0d6426d04ab847d3de5d529cc61bb8fd8ce8
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Feb 28, 2023
Research Description: Quick Paypal Payments [quick-paypal-payments] < 5.7.22 WordPress Quick Paypal Payments Plugin < 5.7.22 is vulnerable to Cross Site Request Forgery (CSRF) Update the WordPress Quick Paypal Payments plugin to the latest available version (at least 5.7.22). An unknown person discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Quick Paypal Payments Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 5.7.22.
Affected versions: max 5.7.22.
Status: vulnerable

Quick Paypal Payments # 1a13558cccb1bbf2ed602f446112b66022a66ed1

CVE, Research URL: 1a13558cccb1bbf2ed602f446112b66022a66ed1
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: Feb 28, 2023
Research Description: Quick Paypal Payments [quick-paypal-payments] < 5.7.22 WordPress Quick Paypal Payments Plugin < 5.7.22 is vulnerable to Sensitive Data Exposure Update the WordPress Quick Paypal Payments plugin to the latest available version (at least 5.7.22). An unknown person discovered and reported this Sensitive Data Exposure vulnerability in WordPress Quick Paypal Payments Plugin. This vulnerability has been fixed in version 5.7.22.
Affected versions: max 5.7.22.
Status: vulnerable

Quick Paypal Payments # 22b01042-2ec8-42d4-9181-c63ebce2dc6b

CVE, Research URL: 22b01042-2ec8-42d4-9181-c63ebce2dc6b
Home page URL: Security reports for Quick Paypal Payments
Application: Quick Paypal Payments
Date: -
Research Description: Quick Paypal Payments [quick-paypal-payments] < 3.1 Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS The Quick Paypal Payments WordPress plugin was affected by a Payment Sending Multiple Parameter XSS security vulnerability.
Affected versions: max 3.1.
Status: vulnerable