EUVD-2026-34993

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper...

CVE-2026-11462

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper...

CVE-2026-11462

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper...

CVE-2026-11462 Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper...

PT-2026-47190

Name of the Vulnerable Software and Affected Versions BeikeShop versions prior to 1.6.0.22 Description Improper authorization exists in the Stripe Plugin component. A remote attacker can manipulate the Request argument within the callback function of the file...

WordPress Payment Page | Payment Form for Stripe plugin <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'pricingplanselecttextfontfamily' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Payment Page versions = 1.4.6...

WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Stripe versions = 0.9.17...

CVE-2025-10383

The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple form field parameters in all versions up to, and including, 27.0.2. This is due to insufficient input sanitization and output escaping on user-supplied...

CVE-2024-13631

The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13631

The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13631 OM Stripe <= 02.00.00 - Reflected XSS

The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13631

CVE-2024-13631 affects the Om Stripe WordPress plugin (versions up to 02.00.00). The issue is a Reflected Cross-Site Scripting (XSS) caused by insufficient sanitisation/escaping of a parameter before echoing it on the page. Impact is described as potential abuse against high-privilege users such ...

PT-2025-8678 · WordPress · Om Stripe Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Om Stripe WordPress plugin versions through 02.00.00 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could be...

PT-2024-35023 · Unknown · Sell Media File With Stripe

Name of the Vulnerable Software and Affected Versions: naa986 Sell Media File with Stripe versions 1.0.0 through 1.0.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that...

WordPress Sell Media File with Stripe plugin <= 1.0.6 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Sell Media File with Stripe versions = 1.0.6...

WordPress Sell Media File with Stripe Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Sell Media File with Stripe Type Plugin Vulnerable versions = 1.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51892 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID af1c67b9897b Credits SOPROBRO Required privilege...

CVE-2024-0705

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

WordPress Plugin wp-full-stripe-free Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2023-3162

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to...

CVE-2023-4040

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcallbackhandler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order...