Easy%20PayPal%20%26%20Stripe%20Buy%20Now%20Button

Easy PayPal & Stripe Buy Now Button

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2023-51683

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 30.30%

7 Day CHG~0.00%

Published-28 Feb, 2024 | 16:45

Updated-01 Apr, 2025 | 15:31

WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.

Vendor-wpplugin Scott Paterson

Product-easy_paypal_\&_stripe_buy_now_button Easy PayPal & Stripe Buy Now Button

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-1719

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-4.3||MEDIUM

EPSS-0.11% / 30.34%

7 Day CHG~0.00%

Published-28 Feb, 2024 | 09:33

Updated-21 Mar, 2025 | 17:48

The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the 'wpecpp_stripe_connect_completion' function. This makes it possible for unauthenticated attackers to modify the plugins settings and chance the stripe connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendor-wpplugin scottpaterson

Product-paypal_\&_stripe_add-on Contact Form 7 – PayPal & Stripe Add-on Easy PayPal & Stripe Buy Now Button

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)