Vulnerabilities and security researches forwp-ecommerce-paypal wp-ecommerce-paypal

Jun 07, 2024

CVE, Research URL: CVE-2022-4628
Home page URL: Security reports for Easy PayPal & Stripe Buy Now Button
Application: Easy PayPal & Stripe Buy Now Button
Date: Feb 13, 2023
Research Description: The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-1719
Home page URL: Security reports for Easy PayPal & Stripe Buy Now Button
Application: Easy PayPal & Stripe Buy Now Button
Date: Feb 28, 2024
Research Description: The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the 'wpecpp_stripe_connect_completion' function. This makes it possible for unauthenticated attackers to modify the plugins settings and chance the stripe connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-51683
Home page URL: Security reports for Easy PayPal & Stripe Buy Now Button
Application: Easy PayPal & Stripe Buy Now Button
Date: Feb 28, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: f82adf6ff77a6966fa4bfb6b64e300af5e1504cc
Home page URL: Security reports for Easy PayPal & Stripe Buy Now Button
Application: Easy PayPal & Stripe Buy Now Button
Date: Jun 12, 2017
Research Description: Easy PayPal & Stripe Buy Now Button [wp-ecommerce-paypal] < 1.7.3 (closed) Easy PayPal Buy Now Button <= 1.7.2 - Cross-Site Request Forgery to Cross-Site Scripting The Easy PayPal Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the wpecpp_settingsoptions function. This makes it possible for unauthenticated attackers to inject malicious JavaScript, that will execute whenever a user accesses the /wp-admin/options-general.php?page=wp-ecommerce-setting page, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Aug 13, 2024

CVE, Research URL: CVE-2024-43236
Home page URL: Security reports for Easy PayPal & Stripe Buy Now Button
Application: Easy PayPal & Stripe Buy Now Button
Date: Aug 19, 2024
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47623
Home page URL: Security reports for Easy PayPal & Stripe Buy Now Button
Application: Easy PayPal & Stripe Buy Now Button
Date: May 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Easy PayPal Buy Now Button allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through 2.0.
Affected versions: Min -, max -.
Status: vulnerable