2 matches found
CVE-2022-3983 Checkout for PayPal < 1.0.14 - Contributor+ Stored XSS
The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3983
CVE-2022-3983 affects the WordPress plugin “Checkout for PayPal” prior to version 1.0.14. The vulnerability arises because the plugin does not validate and escape some shortcode attributes before outputting them, which can enable stored Cross-Site Scripting by a user with as little as a Contribut...