Search
Find a vulnerability
Search criteria
2 vulnerabilities found for LifterLMS Paypal by Unknown
CVE-2022-1250 (GCVE-0-2022-1250)
Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI
Title
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
Summary
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/1f8cb0b9-7447-44… | x_refsource_MISC |
| https://make.lifterlms.com/2022/04/04/lifterlms-p… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | LifterLMS Paypal |
Affected:
1.4.0 , < 1.4.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LifterLMS Paypal",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon James Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:50.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1250",
"STATE": "PUBLIC",
"TITLE": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LifterLMS Paypal",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon James Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"name": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/",
"refsource": "MISC",
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1250",
"datePublished": "2022-05-02T16:05:50.000Z",
"dateReserved": "2022-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1250 (GCVE-0-2022-1250)
Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI
Title
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
Summary
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/1f8cb0b9-7447-44… | x_refsource_MISC |
| https://make.lifterlms.com/2022/04/04/lifterlms-p… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | LifterLMS Paypal |
Affected:
1.4.0 , < 1.4.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LifterLMS Paypal",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon James Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:50.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1250",
"STATE": "PUBLIC",
"TITLE": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LifterLMS Paypal",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon James Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"name": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/",
"refsource": "MISC",
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1250",
"datePublished": "2022-05-02T16:05:50.000Z",
"dateReserved": "2022-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}