CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48285 – WordPress Accept Stripe Payments plugin <= 2.0.79 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-48285
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection.This issue affects Stripe Payments: from n/a through 2.0.79. Neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Tips and Tricks HQ Stripe Payments permite la inyección de código. Este problema afecta a Stripe Payments: desde n/a hasta 2.0.79. The Accept Stripe Payments plugin for WordPress is vulnerable to Content Injection in all versions up to, and including, 2.0.79. This is due to payment data not properly being sanitized in the get_billing_details() function. • https://patchstack.com/database/vulnerability/stripe-payments/wordpress-accept-stripe-payments-plugin-2-0-79-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48286 – Accept Stripe Payments <= 2.0.79 - Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2023-48286
The Stripe Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_create_pi() function in versions up to, and including, 2.0.79. This makes it possible for unauthenticated attackers to purchase products in another currency which may result in attackers paying lower amouns than they should be. • CWE-639: Authorization Bypass Through User-Controlled Key •