First published: Mon Feb 13 2023
The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tipsandtricks-hq Easy Accept Payments For Paypal | <4.9.10 |
The vulnerability ID is CVE-2023-0275.
The severity of CVE-2023-0275 is medium with a CVSS score of 5.4.
The affected software is the Tipsandtricks-hq Easy Accept Payments For Paypal WordPress plugin, versions before 4.9.10.
The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes, enabling stored cross-site scripting (XSS) attacks by users with the contributor role and above.
Update the Tipsandtricks-hq Easy Accept Payments For Paypal WordPress plugin to version 4.9.10 or higher.