CVE-2022-50797

Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected products

halfdata · Stripe Green Downloads

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://halfdata.com/green-downloads/stripe/https://www.vulncheck.com/advisories/stripe-green-downloads-wordpress-plugin-persistent-xss-via-settings https://www.vulnerability-lab.com/get_content.php?id=2287