Vulnerabilities and security researches forpayment-page payment-page

Apr 16, 2026

CVE, Research URL: CVE-2026-0751
Home page URL: Security reports for Payment Page | Best Payment Plugin for Stripe & PayPal
Application: Payment Page | Best Payment Plugin for Stripe & PayPal
Date: Feb 14, 2026
Research Description: The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricing_plan_select_text_font_family' parameter in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.4.7.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 08917eae21543dbe258cac283e145f63c41add32
Home page URL: Security reports for Payment Page | Best Payment Plugin for Stripe & PayPal
Application: Payment Page | Best Payment Plugin for Stripe & PayPal
Date: Feb 28, 2022
Research Description: Payment Page | Best Payment Plugin for Stripe & PayPal [payment-page] < 1.1.1 WordPress Payment Page plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Payment Page plugin (versions <= 1.1).
Affected versions: max 1.1.1.
Status: vulnerable