TriPay Payment Gateway < 3.2.8 – Admin+ Stored XSS | CVE 2023-48737

Affects Plugins

Fixed in 3.2.8

References

CVE

CVE-2023-48737

URL

https://patchstack.com/database/vulnerability/tripay-payment-gateway/wordpress-tripay-payment-gateway-plugin-3-2-7-cross-site-scripting-xss-vulnerability

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Luqman Hakim Y

Verified

No

WPVDB ID

15e6684a-e2cc-40d0-a640-7608784e1b1c

Timeline

Publicly Published

2023-11-23 (about 2 years ago)

Added

2023-11-29 (about 2 years ago)

Last Updated

2023-12-14 (about 2 years ago)

Other

Published

Title

Published

2024-03-13

Title

Beaver Builder Addons by WPZOOM < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget

Published

2024-12-09

Title

Email Reminders < 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

Published

2024-06-20

Title

Secure Copy Content Protection < 4.0.9 - Admin+ Stored XSS

Published

2025-09-22

Title

Genealogical Tree <= 2.2.6 - Contributor+ Stored XSS

Published

2025-03-02

Title

WP AntiDDOS <= 2.0 - Reflected Cross-Site Scripting