WordPress Plugin Vulnerabilities

Afterpay Gateway for WooCommerce < 3.5.1 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the orderToken parameter before outputting it back in the page via an error message, leading to a Reflected Cross-Site Scripting

Affects Plugins

Plugin icon
afterpay-gateway-for-woocommerce
Fixed in 3.5.1

References

CVE
CVE-2022-29416

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
Yes
WPVDB ID
3d1b32f0-1996-43c0-b293-828440d7776d

Timeline

Publicly Published
2022-12-01 (about 3 years ago)
Added
2022-12-09 (about 3 years ago)
Last Updated
2022-12-09 (about 3 years ago)

Other

Published
Title
Published
2022-02-16
Title
Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting
Published
2024-04-16
Title
EnvíaloSimple: Email Marketing y Newsletters < 2.3 - Reflected Cross-Site Scripting
Published
2024-09-05
Title
Advanced Sermons < 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-06-06
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.12.1 - Reflected Cross-Site Scripting
Published
2022-06-06
Title
Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting