Vulnerabilities > Alipay Project > Alipay
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-06 | CVE-2021-24390 | SQL Injection vulnerability in Alipay Project Alipay A proid GET parameter of the WordPress???Alipay|???Tenpay|??PayPal???? WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. | 7.2 |
2014-10-21 | CVE-2014-4514 | Cross-Site Scripting vulnerability in Alipay Project Alipay 3.6.0 Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function. | 4.3 |