Accept Stripe Payments < 2.0.64 – Admin+ Stored Cross-Site Scripting | CVE 2022-2194 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the "Currency Symbol" settings: "><svg/onload=alert(/XSS/)>

Add New Product. Set the Currency that corresponds to the Currency Symbol set above, and fill a price greater than 0.

The XSS will be triggered when viewing the product

Affects Plugins

stripe-payments

Fixed in 2.0.64

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

iohex

Submitter

iohex

Submitter twitter

Verified

Yes

WPVDB ID

ecf4b707-dea9-42d0-9ade-d788a9f97190

Timeline

Publicly Published

2022-06-27 (about 1 years ago)

Added

2022-06-27 (about 1 years ago)

Last Updated

2023-04-02 (about 1 years ago)

Other

Published

Title

Published

2024-04-22

Title

All-in-one Like Widget < 2.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2022-04-27

Title

Curtain <= 1.0.2 - Admin+ Stored Cross-Site Scripting

Published

2022-11-23

Title

Smart Slider 3 < 3.5.1.11 - Contributor+ Stored XSS

Published

2022-01-17

Title

Complianz - GDPR/CCPA Cookie Consent < 6.0.0 - Reflected Cross-Site Scripting

Published

2023-02-02

Title

Jobs for WordPress < 2.6.0 - Author+ Stored XSS