Accept Donations With Paypal
Approved changes feed: RSS · Atom
cpe:2.3:a:wpplugin:accept_donations_with_paypal:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Wpplugin (6b0d08a9-09e2-53b4-9aa7-59911e6fbd06) |
|---|---|
| Product | Accept Donations With Paypal (6835cd8b-42c9-5037-8cac-d87d2a6b59f4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wpplugins/easy-paypal-donation |
purl2cpe | 2026-06-01 10:16:23.457400 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-47517 |
vulnerable | 2026-06-08 07:27:14.496924 |
WordPress Accept Donations with PayPal plugin <= 1.4.5 - CSRF to Stored XSS vulnerability
HIGH (7.1)
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Stored XSS.This issue affects Accept Donations with PayPal & Stripe: from n/a through <= 1.4.5.
Published: 2025-05-07T14:20:05.164Z
Updated: 2026-04-28T16:12:43.846Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24989 |
vulnerable | 2026-06-08 05:30:39.754948 |
Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog
Published: 2022-01-24T08:01:05.000Z
Updated: 2024-08-03T19:49:14.541Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24815 |
vulnerable | 2026-06-08 05:30:39.291440 | db.gcve.eu details are currently unavailable. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24572 |
vulnerable | 2026-06-08 05:30:38.786652 |
Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion
The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts
Published: 2021-11-01T08:46:01.000Z
Updated: 2024-08-03T19:35:20.165Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24570 |
vulnerable | 2026-06-08 05:30:38.784098 |
Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting
The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well.
Published: 2021-11-01T08:46:00.000Z
Updated: 2024-08-03T19:35:20.193Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.