Vulnerability Details CVE-2015-7666
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/archive/1/536602/100/0/threaded
- https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro
- https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers
- https://wpvulndb.com/vulnerabilities/8210
- http://www.securityfocus.com/archive/1/536602/100/0/threaded
- https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro
- https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers
- https://wpvulndb.com/vulnerabilities/8210
Products affected by CVE-2015-7666
-
cpe:2.3:a:codepeople:payment_form_for_paypal_pro:1.0.1