Search criteria
2 vulnerabilities found for LifterLMS Paypal by Unknown
CVE-2022-1250 (GCVE-0-2022-1250)
Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI?
Title
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
Summary
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | LifterLMS Paypal |
Affected:
1.4.0 , < 1.4.0
(custom)
|
Credits
Brandon James Roldan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LifterLMS Paypal",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon James Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:50",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1250",
"STATE": "PUBLIC",
"TITLE": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LifterLMS Paypal",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon James Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"name": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/",
"refsource": "MISC",
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1250",
"datePublished": "2022-05-02T16:05:50",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1250 (GCVE-0-2022-1250)
Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI?
Title
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
Summary
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | LifterLMS Paypal |
Affected:
1.4.0 , < 1.4.0
(custom)
|
Credits
Brandon James Roldan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LifterLMS Paypal",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon James Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:50",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1250",
"STATE": "PUBLIC",
"TITLE": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LifterLMS Paypal",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon James Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
},
{
"name": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/",
"refsource": "MISC",
"url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1250",
"datePublished": "2022-05-02T16:05:50",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}