CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51918 – WordPress Pay With Stripe plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51918
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Pay With Stripe allows DOM-Based XSS.This issue affects Pay With Stripe: from n/a through 1.2.1. The Pay With Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/payments-stripe-gateway/wordpress-pay-with-stripe-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48285 – WordPress Accept Stripe Payments plugin <= 2.0.79 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-48285
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection.This issue affects Stripe Payments: from n/a through 2.0.79. Neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Tips and Tricks HQ Stripe Payments permite la inyección de código. Este problema afecta a Stripe Payments: desde n/a hasta 2.0.79. The Accept Stripe Payments plugin for WordPress is vulnerable to Content Injection in all versions up to, and including, 2.0.79. This is due to payment data not properly being sanitized in the get_billing_details() function. • https://patchstack.com/database/vulnerability/stripe-payments/wordpress-accept-stripe-payments-plugin-2-0-79-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48286 – Accept Stripe Payments <= 2.0.79 - Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2023-48286
The Stripe Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_create_pi() function in versions up to, and including, 2.0.79. This makes it possible for unauthenticated attackers to purchase products in another currency which may result in attackers paying lower amouns than they should be. • CWE-639: Authorization Bypass Through User-Controlled Key •