Vulnerabilities > Vcita > Online Payments GET Paid With Paypal Square Stripe > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-03	CVE-2023-2406	Cross-site Scripting vulnerability in Vcita products The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. network low complexity vcita CWE-79	5.4
2023-06-03	CVE-2023-2407	Cross-Site Request Forgery (CSRF) vulnerability in Vcita products The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. network low complexity vcita CWE-352	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.