WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Stripe Payments < 2.0.40 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The Stripe Payments WordPress plugin, version 2.0.39 and possibly below, was vulnerable to Stored Cross-Site Scripting (XSS) in the plugin's currency_code settings parameter.

The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability.

Affects Plugins

stripe-payments
Fixed in version 2.0.40

References

URL
https://plugins.trac.wordpress.org/changeset/2452252
URL
https://packetstormsecurity.com/files/160799/
ExploitDB
49354

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Park Won Seok

Submitter

Ryan

Verified

Yes

WPVDB ID
e4136273-ffd5-4588-a47b-21a6105c1bca

Timeline

Publicly Published

2021-01-05 (about 2 years ago)

Added

2021-01-08 (about 2 years ago)

Last Updated

2021-01-10 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin