The Stripe Payments WordPress plugin, version 2.0.39 and possibly below, was vulnerable to Stored Cross-Site Scripting (XSS) in the plugin's currency_code settings parameter. The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability.
Park Won Seok
Ryan
Yes
2021-01-05 (about 2 years ago)
2021-01-08 (about 2 years ago)
2021-01-10 (about 2 years ago)