A vulnerability was found in the tstachl WordPress PayPal Donation Plugin for WordPress, in versions up to 1.01. It has been rated as problematic. The vulnerability affects the function wordpress_paypal_donation_create of the Shortcode Handler component. Manipulating the arguments amount, email, title, return_url, cancel_url, ccode or image leads to cross-site scripting.

This vulnerability is tracked as CVE-2026-4072. The attack can be initiated remotely. No exploit is available.

Upgrading the affected component is advised.