WordPress Plugin Vulnerabilities

Afterpay Gateway for WooCommerce < 3.5.1 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters, allowing an attacker to trick a visitor to send a request with XSS payloads that will trigger when they visit the site.

Affects Plugins

Plugin icon
afterpay-gateway-for-woocommerce
Fixed in 3.5.1

References

CVE
CVE-2022-29416

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
No
WPVDB ID
89796ffa-508c-49e4-98d9-3ac8120ad1c9

Timeline

Publicly Published
2022-12-01 (about 1 years ago)
Added
2022-12-29 (about 1 years ago)
Last Updated
2022-12-29 (about 1 years ago)

Other

Published
Title
Published
2024-03-25
Title
Unlimited Elements For Elementor < 1.5.94 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
MobileChief - jQuery Validation Cross-Site Scripting
Published
2024-01-17
Title
WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via Shortcode
Published
2023-10-17
Title
WP Full Stripe Free < 7.0.6 - Admin+ Stored XSS
Published
2023-04-03
Title
Magic Post Thumbnail < 4.1.11 - Reflected XSS