60 matches found
CVE-2026-56330
Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...
CVE-2026-56330 Capgo - Open Redirect via Unvalidated Stripe Billing URLs
Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...
CVE-2026-56330
Capgo prior to 12.128.2 has an open redirect in the stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for phishing and cre...
EUVD-2026-38126
Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...
PT-2026-51158
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'stripe portal' and 'stripe checkout' endpoints. These endpoints accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers ca...
MAL-2026-5388 Malicious code in @0xlr/stripe-checkout-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65b2bf8dcdc0fc9b8fdbf14bbf58a011707a4425cf0029867e28067c08ef5566 On npm install, postinstall.js enumerates the full process.env keyspace plus host identifiers os.hostname, username, homedir, cwd, argv, OS details a...
CVE-2026-25741
Zulip CVE-2026-25741 affects the Zulip Cloud payment processing flow. Before commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Che...
CVE-2025-1690
The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stripe' shortcode in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-49963
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
EUVD-2025-35498
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
CVE-2025-49963
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
CVE-2025-49963 WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
CVE-2025-49963 WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through = 1.1.28...
CVE-2025-49963
CVE-2025-49963 concerns the WordPress plugin Simple Stripe Checkout (growniche) versions up to and including 1.1.28. The issue is a Reflected XSS caused by Improper Neutralization of Input During Web Page Generation, enabling attacker-injected scripts to be executed in views of affected pages. Th...
WordPress plugin Simple Stripe Checkout 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...
EUVD-2021-11229
Malware in sbrugna...
EUVD-2023-43846
Malicious code in bioql PyPI...
EUVD-2024-30373
Malicious code in bioql PyPI...
WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Stripe Checkout versions = 1.1.28...
CVE-2024-32571
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in naa986 WP Stripe Checkout allows Stored XSS.This issue affects WP Stripe Checkout: from n/a through 1.2.2.41...