CVE-2022-3986
The WP Stripe Checkout WordPress plugin (versions before 1.2.2.21) does not validate or escape some shortcode attributes before output, enabling Stored XSS for users with as low as Contributor. A public exploit example is documented in WPEXploit demonstrating a crafted shortcode that triggers XSS...