Quick Paypal Payments < 5.7.26 – Unauthenticated Stored XSS | CVE 2023-25713

Affects Plugins

quick-paypal-payments

Fixed in 5.7.26

References

CVE

CVE-2023-25713

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.8 (high)

Miscellaneous

Original Researcher

yuyudhn

Verified

No

WPVDB ID

89c1b93d-bdfe-4c1d-ab26-378dd9ffabd3

Timeline

Publicly Published

2023-02-14 (about 3 years ago)

Added

2023-04-10 (about 2 years ago)

Last Updated

2023-04-10 (about 2 years ago)

Other

Published

Title

Published

2025-12-02

Title

CSSIgniter Shortcodes < 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

Published

2024-09-05

Title

Contact Form 7 Math Captcha < 3.0.1 - Reflected XSS

Published

2024-07-31

Title

Blog2Social: Social Media Auto Post & Scheduler < 7.5.5 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload

Published

2024-07-10

Title

WP GoToWebinar < 15.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Published

2026-02-24

Title

DesignThemes Portfolio <= 1.3 - Reflected Cross-Site Scripting