CVE-2024-10850

The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacker...

PT-2024-16590 · Razorpay · Razorpay Payment Button Plugin

Name of the Vulnerable Software and Affected Versions: Razorpay Payment Button Plugin versions prior to 2.4.6 Description: The Razorpay Payment Button Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without appropriate...