Vulnerabilities > Vcita > Online Payments GET Paid With Paypal Square Stripe

DATE CVE VULNERABILITY TITLE RISK
2023-06-03 CVE-2023-2406 Cross-site Scripting vulnerability in Vcita products
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping.
network
low complexity
vcita CWE-79
5.4
2023-06-03 CVE-2023-2407 Cross-Site Request Forgery (CSRF) vulnerability in Vcita products
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery.
network
low complexity
vcita CWE-352
6.5