2 matches found
WordPress HBLPAY Payment Gateway for WooCommerce plugin <= 5.0.0 - Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability
Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin HBLPAY Payment Gateway for WooCommerce versions = 5.0.0...
CVE-2025-14875 HBLPAY Payment Gateway for WooCommerce <= 5.0.0 - Reflected Cross-Site Scripting via 'cusdata' Parameter
The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cusdata’ parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...