Search criteria
2 vulnerabilities found for payment_form_for_paypal_pro by codepeople
CVE-2015-7666 (GCVE-0-2015-7666)
Vulnerability from nvd – Published: 2017-12-27 19:00 – Updated: 2024-08-06 07:58
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/payment-form-for-pa… | x_refsource_CONFIRM |
| https://wpvulndb.com/vulnerabilities/8210 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/536602/100… | mailing-listx_refsource_BUGTRAQ |
| https://plugins.trac.wordpress.org/changeset/1254… | x_refsource_CONFIRM |
Date Public
2015-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8210"
},
{
"name": "20151004 Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536602/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8210"
},
{
"name": "20151004 Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536602/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8210",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8210"
},
{
"name": "20151004 Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536602/100/0/threaded"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7666",
"datePublished": "2017-12-27T19:00:00.000Z",
"dateReserved": "2015-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7666 (GCVE-0-2015-7666)
Vulnerability from cvelistv5 – Published: 2017-12-27 19:00 – Updated: 2024-08-06 07:58
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/payment-form-for-pa… | x_refsource_CONFIRM |
| https://wpvulndb.com/vulnerabilities/8210 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/536602/100… | mailing-listx_refsource_BUGTRAQ |
| https://plugins.trac.wordpress.org/changeset/1254… | x_refsource_CONFIRM |
Date Public
2015-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8210"
},
{
"name": "20151004 Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536602/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8210"
},
{
"name": "20151004 Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536602/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8210",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8210"
},
{
"name": "20151004 Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536602/100/0/threaded"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7666",
"datePublished": "2017-12-27T19:00:00.000Z",
"dateReserved": "2015-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}