Vulnerabilities and security researches forclearpay-gateway-for-woocommerce clearpay-gateway-for-woocommerce

Jun 06, 2024

CVE, Research URL: f40e75bd8233bbffabf245dd27399255a36b8e75
Home page URL: Security reports for Clearpay Gateway for WooCommerce
Application: Clearpay Gateway for WooCommerce
Date: Dec 09, 2022
Research Description: Clearpay Gateway for WooCommerce [clearpay-gateway-for-woocommerce] < 3.5.1 Clearpay Gateway for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting The Clearpay Gateway for WooCommerce plugin is vulnerable to Reflected Cross-Site Scripting via the ‘orderToken’ parameter in versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 3.5.1.
Status: vulnerable