3 matches found
CVE-2026-11324
The CVE affects the WordPress plugins WooCommerce Placetopay Gateway and PlacetoPay/AvalPay Gateway. Vulnerable in versions up to 3.2.2 due to insufficient input sanitization and output escaping of the redirect-url parameter, enabling Reflected XSS. Exploitation requires a user action (e.g., clic...
EUVD-2026-45129
The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'redirect-url' parameter in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-11324 WooCommerce Placetopay Gateway <= 3.2.2 - Reflected Cross-Site Scripting via 'redirect-url'
The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'redirect-url' parameter in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...