PT-2025-30113 · WordPress · Avishi Wp Paypal Payment Button

Johannes Skamletz

Published

2025-07-19

Updated

2025-07-19

CVE-2025-7669

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Avishi WP PayPal Payment Button versions prior to 2.1

Description The Avishi WP PayPal Payment Button plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the /avishi-wp-paypal-payment-button/index.php page. This allows unauthenticated attackers to update settings and inject malicious web scripts via a forged request if they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update Avishi WP PayPal Payment Button to version 2.1 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-7669

Affected Products

Avishi Wp Paypal Payment Button

PT-2025-30113 · WordPress · Avishi Wp Paypal Payment Button

CVE-2025-7669

Weakness Enumeration

Related Identifiers

Affected Products

References · 7