Vulnerabilities and security researches forstripe-payments stripe-payments

Jun 07, 2024

CVE, Research URL: CVE-2022-2194
Home page URL: Security reports for Accept Stripe Payments
Application: Accept Stripe Payments
Date: Jul 17, 2022
Research Description: The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions: max 2.0.40.
Status: vulnerable

CVE, Research URL: CVE-2023-48285
Home page URL: Security reports for Accept Stripe Payments
Application: Accept Stripe Payments
Date: Jun 04, 2024
Research Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection.This issue affects Stripe Payments: from n/a through 2.0.79.
Affected versions: max 2.0.80.
Status: vulnerable

CVE, Research URL: 5dc74d510fb6d6010cf36f962ca88e4e15744aec
Home page URL: Security reports for Accept Stripe Payments
Application: Accept Stripe Payments
Date: Mar 14, 2022
Research Description: Accept Stripe Payments [stripe-payments] < 2.0.54 WordPress Accept Stripe Payments plugin <= 2.0.53 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Accept Stripe Payments plugin (versions <= 2.0.53).
Affected versions: max 2.0.54.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-48286
Home page URL: Security reports for Accept Stripe Payments
Application: Accept Stripe Payments
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in Tips and Tricks HQ, wptipsntricks Stripe Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a through 2.0.79.
Affected versions: max 2.0.80.
Status: vulnerable

Aug 08, 2024

CVE, Research URL: CVE-2024-7353
Home page URL: Security reports for Accept Stripe Payments
Application: Accept Stripe Payments
Date: Aug 07, 2024
Research Description: The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.0.87.
Status: vulnerable

Jun 02, 2026

CVE, Research URL: CVE-2026-42752
Home page URL: Security reports for Accept Stripe Payments
Application: Accept Stripe Payments
Date: -
Research Description: Accept Stripe Payments [stripe-payments] < 2.0.99 CVE-2026-42752
Affected versions: max 2.0.99.
Status: vulnerable