3 matches found
CVE-2026-8893
The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the stripe-express shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value,...
CVE-2026-8893
The CVE-2026-8893 entry concerns the Express Payment For Stripe WordPress plugin. Affected: the [stripe-express] shortcode’s type attribute in versions up to and including 1.28.0. Root cause: insufficient input sanitization and output escaping, with the attribute value concatenated into an HTML a...
PT-2026-47071
Name of the Vulnerable Software and Affected Versions Express Payment For Stripe versions prior to 1.28.1 Description The plugin is subject to Stored Cross-Site Scripting, a flaw where malicious scripts are permanently stored on the target server. The issue occurs within the register shortcode...