Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WP Full Stripe Free 1.6.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 17, 2023

The WP Full Stripe Free plugin is a plugin used with WordPress, a website platform. It is vulnerable to what is known as Stored Cross-Site Scripting, which is when malicious code can be injected into a page on the website. This malicious code can be executed whenever someone visits the page. This vulnerability affects all versions of the plugin up to and including 1.6.1. This vulnerability can only be exploited if the website is a multi-site installation or if the “unfiltered_html” setting has been disabled.

Detected in:

Accept Payments with Stripe – WP Full Pay for WordPress fixed vulnerable versions:
Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions fixed vulnerable versions:
Stripe Payment forms for WordPress – WP Full Pay fixed vulnerable versions:
Stripe Payment forms for WordPress Plugin – WP Full Pay fixed vulnerable versions:
WP Full Stripe fixed vulnerable versions:
WP Full Stripe Free fixed vulnerable versions: >= * <= 7.0.5

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.