WordPress Plugin Vulnerabilities

Stripe Payment Gateway for WooCommerce < 3.6.0 - Reflected Cross-Site Scripting (XSS)

Description

The plugin did not sanitise or escape the page parameter before outputting back in an attribute, leading to a reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
payment-gateway-stripe-and-woocommerce-integration
Fixed in 3.6.0

References

URL
https://plugins.trac.wordpress.org/changeset/2543438

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Verified
Yes
WPVDB ID
878849b7-ac8b-4040-87d7-e3cf48054eea

Timeline

Publicly Published
2021-06-07 (about 4 years ago)
Added
2021-06-07 (about 4 years ago)
Last Updated
2021-06-07 (about 4 years ago)

Other

Published
Title
Published
2026-01-11
Title
Penci Recipe <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-10-04
Title
USERCENTRICS CMP <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2022-11-25
Title
Community Events < 1.4.9 - Admin+ Stored XSS
Published
2026-01-08
Title
WP Popup Magic <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute
Published
2025-02-27
Title
Pricing Table by PickPlugins <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting