The Stripe Payments WordPress plugin, version 2.0.39 and possibly below, was vulnerable to Stored Cross-Site Scripting (XSS) in the plugin's currency_code settings parameter. The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability.
Fixed in version 2.0.40✓
Park Won Seok
2021-01-05 (about 4 months ago)
2021-01-08 (about 3 months ago)
2021-01-10 (about 3 months ago)