CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32571 – WordPress WP Stripe Checkout plugin <= 1.2.2.41 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32571
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in naa986 WP Stripe Checkout allows Stored XSS.This issue affects WP Stripe Checkout: from n/a through 1.2.2.41. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en naa986 WP Stripe Checkout permite almacenar XSS. Este problema afecta a WP Stripe Checkout: desde n/a hasta 1.2.2.41. The WP Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.2.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wp-stripe-checkout/wordpress-wp-stripe-checkout-plugin-1-2-2-41-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48285 – WordPress Accept Stripe Payments plugin <= 2.0.79 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-48285
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection.This issue affects Stripe Payments: from n/a through 2.0.79. Neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Tips and Tricks HQ Stripe Payments permite la inyección de código. Este problema afecta a Stripe Payments: desde n/a hasta 2.0.79. The Accept Stripe Payments plugin for WordPress is vulnerable to Content Injection in all versions up to, and including, 2.0.79. This is due to payment data not properly being sanitized in the get_billing_details() function. • https://patchstack.com/database/vulnerability/stripe-payments/wordpress-accept-stripe-payments-plugin-2-0-79-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48286 – Accept Stripe Payments <= 2.0.79 - Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2023-48286
The Stripe Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_create_pi() function in versions up to, and including, 2.0.79. This makes it possible for unauthenticated attackers to purchase products in another currency which may result in attackers paying lower amouns than they should be. • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44999 – WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-44999
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WooCommerce WooCommerce Stripe Payment Gateway. Este problema afecta a WooCommerce Stripe Payment Gateway: desde n/a hasta 7.6.0. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 7.6.1 (exclusive). This is due to missing or incorrect nonce validation on the maybe_handle_redirect function. • https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35049 – WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-35049
Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0. Vulnerabilidad de autorización faltante en WooCommerce WooCommerce Stripe Payment Gateway. Este problema afecta a WooCommerce Stripe Payment Gateway: desde n/a hasta 7.4.0. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 7.4.0. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-payment-gateway-plugin-7-4-0-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •