cleantalk
Vulnerabilities and Security Researches

Contact Form 7 – PayPal & Stripe Add-on, CVE-2024-1719

CVE, Research URL

CVE-2024-1719

Home page URL

Security reports for Contact Form 7 – PayPal & Stripe Add-on

Application

Contact Form 7 – PayPal & Stripe Add-on

Published on
Feb 28, 2024
Research Description
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the 'wpecpp_stripe_connect_completion' function. This makes it possible for unauthenticated attackers to modify the plugins settings and chance the stripe connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.2.
Status
vulnerable
Previous vulnerability researches
Easy PayPal & Stripe Buy Now Button (CVE-2022-4628) , Jun 07, 2024
Easy PayPal & Stripe Buy Now Button (CVE-2024-1719) , Jun 07, 2024
Easy PayPal & Stripe Buy Now Button (CVE-2023-51683) , Jun 07, 2024
Easy PayPal & Stripe Buy Now Button (f82adf6ff77a6966fa4bfb6b64e300af5e1504cc) , Jun 07, 2024
Easy PayPal & Stripe Buy Now Button (CVE-2025-47623) , May 09, 2025
New vulnerability
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2025-3794) , May 10, 2025
Jeg Elementor Kit (CVE-2025-2944) , May 10, 2025
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025