| CVE-2026-39707 | WordPress Accept PayPal Payments using Contact Form 7 plugin <= 4.0.4 - Broken Access Control vulnerability | ZealousWeb | Accept PayPal Payments using Contact Form 7 | - | - | 2026-04-08 08:30:48 | Deep Dive |
| CVE-2026-39643 | WordPress Payment Plugins for PayPal WooCommerce plugin <= 2.0.13 - Broken Access Control vulnerability | Payment Plugins | Payment Plugins for PayPal WooCommerce | - | - | 2026-04-08 08:30:32 | Deep Dive |
| CVE-2026-4021 | Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 8.1 | 2026-03-23 23:25:50 | Deep Dive |
| CVE-2026-3617 | Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes | swergroup | Paypal Shortcodes | Medium | 6.4 | 2026-03-21 03:26:59 | Deep Dive |
| CVE-2026-4072 | WordPress PayPal Donation <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute | tstachl | WordPress PayPal Donation | Medium | 6.4 | 2026-03-21 03:26:57 | Deep Dive |
| CVE-2026-32433 | WordPress CP Contact Form with Paypal plugin <= 1.3.61 - SQL Injection vulnerability | codepeople | CP Contact Form with Paypal | 中危 | - | 2026-03-13 11:42:18 | Deep Dive |
| CVE-2026-32387 | WordPress Checkout for PayPal plugin <= 1.0.46 - Broken Access Control vulnerability | Noor Alam | Checkout for PayPal | 中危 | - | 2026-03-13 11:42:10 | Deep Dive |
| CVE-2026-28115 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - SQL Injection vulnerability | loopus | WP Attractive Donations System - Easy Stripe & Paypal donations | 中危 | - | 2026-03-05 05:54:28 | Deep Dive |
| CVE-2026-3180 | Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.5 | 2026-03-02 17:23:36 | Deep Dive |
| CVE-2021-47885 | Payment Terminal Multiple Versions Non-Persistent Cross-Site Scripting | CriticalGears | PayPal PRO Payment Terminal | Medium | 6.4 | 2026-02-01 12:15:46 | Deep Dive |
| CVE-2025-14978 | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 5.3 | 2026-01-20 01:22:45 | Deep Dive |
| CVE-2025-14463 | Payment Button for PayPal <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation | naa986 | Payment Button for PayPal | Medium | 5.3 | 2026-01-17 03:24:25 | Deep Dive |
| CVE-2025-22715 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Arbitrary Content Deletion vulnerability | loopus | WP Attractive Donations System - Easy Stripe & Paypal donations | High | 7.5 | 2026-01-08 09:17:40 | Deep Dive |
| CVE-2025-68602 | WordPress Accept Donations with PayPal plugin <= 1.5.2 - Open Redirection vulnerability | Scott Paterson | Accept Donations with PayPal & Stripe | Medium | 4.7 | 2025-12-24 13:10:47 | Deep Dive |
| CVE-2025-58999 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Site Request Forgery (CSRF) vulnerability | loopus | WP Attractive Donations System - Easy Stripe & Paypal donations | - | - | 2025-12-16 08:12:47 | Deep Dive |
| CVE-2025-13966 | Paypal Payment Shortcode <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute | sonlamtn200 | Paypal Payment Shortcode | Medium | 6.4 | 2025-12-12 03:20:54 | Deep Dive |
| CVE-2025-63023 | WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.53 - Broken Access Control vulnerability | Easy Payment | Payment Gateway for PayPal on WooCommerce | Medium | 5.3 | 2025-12-09 14:52:28 | Deep Dive |
| CVE-2025-7820 | SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass | sonalsinha21 | SKT PayPal for WooCommerce | High | 7.5 | 2025-11-27 04:36:44 | Deep Dive |
| CVE-2025-12752 | Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation | scottpaterson | Subscriptions & Memberships for PayPal | Medium | 5.3 | 2025-11-22 07:29:20 | Deep Dive |
| CVE-2025-13384 | CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation | codepeople | CP Contact Form with PayPal | High | 7.5 | 2025-11-22 07:29:20 | Deep Dive |