| CVE-2025-66107 | WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerability | Scott Paterson | Subscriptions & Memberships for PayPal | 中危 | - | 2025-11-21 12:30:04 | Deep Dive |
| CVE-2025-12849 | Contest Gallery <= 28.0.2 - Missing Authorization | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 5.3 | 2025-11-15 06:41:31 | Deep Dive |
| CVE-2025-11859 | Paypal Donation Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | coenjacobs | Paypal Donation Shortcode | Medium | 6.4 | 2025-11-11 03:30:48 | Deep Dive |
| CVE-2025-11254 | Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 4.3 | 2025-10-11 08:29:16 | Deep Dive |
| CVE-2025-10383 | Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.2 - Authenticated (Author+) Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 6.4 | 2025-10-04 03:33:32 | Deep Dive |
| CVE-2025-10309 | PayPal Forms <= 1.0.3 - Cross-Site Request Forgery | bsmye | PayPal Forms | Medium | 4.3 | 2025-10-03 11:17:16 | Deep Dive |
| CVE-2025-9463 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 6.5 | 2025-09-10 06:38:46 | Deep Dive |
| CVE-2025-27003 | WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability | fullworks | Quick Paypal Payments | Medium | 4.3 | 2025-09-05 16:18:21 | Deep Dive |
| CVE-2025-57891 | WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability | wpecommerce | Recurring PayPal Donations | Medium | 5.9 | 2025-08-22 11:59:57 | Deep Dive |
| CVE-2025-7725 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.2 | 2025-08-01 04:24:29 | Deep Dive |
| CVE-2025-7669 | Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | avishika | Avishi WP PayPal Payment Button | Medium | 6.1 | 2025-07-19 02:22:59 | Deep Dive |
| CVE-2025-6716 | Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 6.4 | 2025-07-11 06:43:33 | Deep Dive |
| CVE-2025-48111 | WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability | YITHEMES | YITH PayPal Express Checkout for WooCommerce | Medium | 4.3 | 2025-06-17 15:01:44 | Deep Dive |
| CVE-2025-46543 | WordPress Enhanced Paypal Shortcodes plugin <= 0.5a - Cross Site Scripting (XSS) vulnerability | CharlyLeetham | Enhanced Paypal Shortcodes | Medium | 6.5 | 2025-05-19 17:04:06 | Deep Dive |
| CVE-2025-3862 | Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 6.4 | 2025-05-08 11:13:45 | Deep Dive |
| CVE-2025-47623 | WordPress Easy PayPal Buy Now Button plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability | Scott Paterson | Easy PayPal Buy Now Button | Medium | 5.9 | 2025-05-07 14:20:35 | Deep Dive |
| CVE-2025-47519 | WordPress Easy PayPal Events plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) Vulnerability | Scott Paterson | Easy PayPal Events | Medium | 4.3 | 2025-05-07 14:20:06 | Deep Dive |
| CVE-2025-47518 | WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.3.4 - Cross Site Scripting (XSS) Vulnerability | Scott Paterson | Contact Form 7 – PayPal & Stripe Add-on | Medium | 5.9 | 2025-05-07 14:20:06 | Deep Dive |
| CVE-2025-47517 | WordPress Accept Donations with PayPal plugin <= 1.4.5 - CSRF to Stored XSS vulnerability | Scott Paterson | Accept Donations with PayPal & Stripe | High | 7.1 | 2025-05-07 14:20:05 | Deep Dive |
| CVE-2025-46499 | WordPress PayPal Express Checkout plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability | hccoder | PayPal Express Checkout | High | 7.1 | 2025-04-24 16:08:52 | Deep Dive |