55 matches found
@bodonkey/charting-extension (>=1.0.0 <=1.1.0), @stepanjakl/apostrophe-stripe-checkout (>=0.0.1 <=0.0.5) +2 more potentially affected by CVE-2026-45011 via apostrophe (=4.29.0)
apostrophe NPM version =4.29.0 is affected by a known vulnerability. The following packages have a transitive dependency on apostrophe and may be impacted: - @bodonkey/charting-extension =1.0.0, =0.0.1, =0.0.1, =0.0.8 - tfp-procrea =1.0.0 Source cves: CVE-2026-45011 Source advisory:...
CVE-2026-25741
Zulip CVE-2026-25741 affects the Zulip Cloud payment processing flow. Before commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Che...
CVE-2025-1690
The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stripe' shortcode in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-49963
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
EUVD-2025-35498
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
CVE-2025-49963
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
CVE-2025-49963 WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
CVE-2025-49963
CVE-2025-49963 concerns the WordPress plugin Simple Stripe Checkout (growniche) versions up to and including 1.1.28. The issue is a Reflected XSS caused by Improper Neutralization of Input During Web Page Generation, enabling attacker-injected scripts to be executed in views of affected pages. Th...
CVE-2025-49963 WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
WordPress plugin Simple Stripe Checkout 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...
EUVD-2021-11229
Malware in sbrugna...
EUVD-2023-43846
Malicious code in bioql PyPI...
EUVD-2024-30373
Malicious code in bioql PyPI...
WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Stripe Checkout versions = 1.1.28...
CVE-2024-32571
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in naa986 WP Stripe Checkout allows Stored XSS.This issue affects WP Stripe Checkout: from n/a through 1.2.2.41...
CVE-2023-52143
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37...
CVE-2022-3986
The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2025-1690
The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stripe' shortcode in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-1690
The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stripe' shortcode in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-1690 ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stripe' shortcode in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...