CVE-2024-7861

Name of the Vulnerable Software and Affected Versions Misiek Paypal WordPress plugin versions through 1.1.20090324

Description The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.

Recommendations For Misiek Paypal WordPress plugin versions through 1.1.20090324, consider disabling the plugin until a patch is available to prevent potential CSRF attacks and Stored XSS payload additions. Restrict access to admin panels to minimize the risk of exploitation. Avoid using the plugin for sensitive transactions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.