Vulnerabilities and security researches forafterpay-gateway-for-woocommerce

CVE, Research URL: 87ecb3c4f42dc07b5cbfb2834e4c3f694266299f
Home page URL: Security reports for Afterpay Gateway for WooCommerce
Application: Afterpay Gateway for WooCommerce
Date: Aug 16, 2021
Research Description: Afterpay Gateway for WooCommerce [afterpay-gateway-for-woocommerce] < 3.2.1 WordPress Afterpay Gateway for WooCommerce plugin <= 3.2.0 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Afterpay Gateway for WooCommerce plugin (versions <= 3.2.0).
Affected versions: max 3.2.1.
Status: vulnerable

CVE, Research URL: CVE-2023-2744
Home page URL: Security reports for Afterpay Gateway for WooCommerce
Application: Afterpay Gateway for WooCommerce
Date: Jun 27, 2023
Research Description: The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Affected versions: max 1.12.4.
Status: vulnerable

CVE, Research URL: CVE-2022-29416
Home page URL: Security reports for Afterpay Gateway for WooCommerce
Application: Afterpay Gateway for WooCommerce
Date: Feb 06, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions.
Affected versions: max 3.5.1.
Status: vulnerable

Vulnerabilities and security researches forafterpay-gateway-for-woocommerce afterpay-gateway-for-woocommerce