WordPress Plugin Vulnerabilities

WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DRedirect.php Multiple Parameter Reflected XSS

Description

The sagepay-direct-for-woocommerce-payment-gateway WordPress plugin was affected by a pages/3DRedirect.php Multiple Parameter Reflected XSS security vulnerability.

Affects Plugins

Plugin icon
sagepay-direct-for-woocommerce-payment-gateway
Fixed in 0.1.6.7

References

CVE
CVE-2014-4549

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
cb33da5f-cd04-4017-bdaa-77999807829d

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-11-27 (about 6 years ago)

Other

Published
Title
Published
2025-03-06
Title
Advanced File Manager < 5.3.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
Published
2025-01-16
Title
Custom Page Extensions <= 0.6 - Reflected Cross-Site Scripting
Published
2014-11-20
Title
Contact Bank Standard Edition <= 2.0.69 - Cross-Site Scripting (XSS)
Published
2021-09-09
Title
WooCommerce Payment Gateway Per Category <= 2.0.10 - Reflected Cross-Site Scripting
Published
2024-06-25
Title
All In One Redirection <= 2.2.0 - Reflected Cross-Site Scripting