WordPress Plugin Vulnerabilities

Paytium < 3.1.2 - Stored Cross-Site Scripting (XSS)

Description

Both authenticated and unauthenticated stored XSS issues via fields in the payment details.

Affects Plugins

Plugin icon
paytium
Fixed in 3.1.2

References

URL
https://medium.com/@jonathanbouman/stored-xss-in-paytium-3-0-13-wordpress-plugin-3157ee37eb8f

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.6 (critical)

Miscellaneous

Original Researcher
Jonathan Bouman
Verified
No
WPVDB ID
546e14ac-76e4-47c1-ad59-2ad7dd063952

Timeline

Publicly Published
2020-05-12 (about 6 years ago)
Added
2020-06-22 (about 5 years ago)
Last Updated
2020-06-23 (about 5 years ago)

Other

Published
Title
Published
2025-08-19
Title
SensorPress <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2022-04-28
Title
Countdown & Clock <= 3.0.8 - Admin+ Stored XSS
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Published
2025-01-07
Title
F4 Post Tree < 1.1.19 - Reflected Cross-Site Scripting
Published
2024-01-23
Title
WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS