cleantalk
Vulnerabilities and Security Researches

Easy PayPal & Stripe Buy Now Button, f82adf6ff77a6966fa4bfb6b64e300af5e1504cc

CVE, Research URL

f82adf6ff77a6966fa4bfb6b64e300af5e1504cc

Home page URL

Security reports for Easy PayPal & Stripe Buy Now Button

Application

Easy PayPal & Stripe Buy Now Button

Published on
Jun 12, 2017
Research Description
Easy PayPal &amp; Stripe Buy Now Button [wp-ecommerce-paypal] < 1.7.3 (closed) Easy PayPal Buy Now Button <= 1.7.2 - Cross-Site Request Forgery to Cross-Site Scripting The Easy PayPal Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the wpecpp_settingsoptions function. This makes it possible for unauthenticated attackers to inject malicious JavaScript, that will execute whenever a user accesses the /wp-admin/options-general.php?page=wp-ecommerce-setting page, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 1.7.3.
Status
vulnerable
Previous vulnerability researches
Easy PayPal &amp; Stripe Buy Now Button (CVE-2022-4628) , Jun 07, 2024
Easy PayPal &amp; Stripe Buy Now Button (CVE-2024-1719) , Jun 07, 2024
Easy PayPal &amp; Stripe Buy Now Button (CVE-2023-51683) , Jun 07, 2024
Easy PayPal &amp; Stripe Buy Now Button (f82adf6ff77a6966fa4bfb6b64e300af5e1504cc) , Jun 07, 2024
Easy PayPal &amp; Stripe Buy Now Button (CVE-2025-47623) , May 09, 2025
New vulnerability
1 Click WordPress Migration Plugin &#8211; 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025
WordPress CRM, Email &amp; Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-4206) , May 10, 2025
Top 10 &#8211; WordPress Popular posts by WebberZone (CVE-2025-47509) , May 09, 2025