Vulnerabilities and security researches fornowpayments-for-woocommerce nowpayments-for-woocommerce

Jun 07, 2024

CVE, Research URL: ca331f58f4c26dcd3ca933fda673bf6fd6c1dea4
Home page URL: Security reports for NOWPayments For WooCommerce
Application: NOWPayments For WooCommerce
Date: Jul 18, 2023
Research Description: NOWPayments For WooCommerce [nowpayments-for-woocommerce] < 1.0.5 WordPress NOWPayments for WooCommerce Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) Update the WordPress NOWPayments for WooCommerce plugin to the latest available version (at least 1.0.5). Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress NOWPayments for WooCommerce Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.0.5.
Affected versions: max 1.0.5.
Status: vulnerable