cleantalk
Vulnerabilities and Security Researches

Payment Page | Best Payment Plugin for Stripe & PayPal, CVE-2026-0751

CVE, Research URL

CVE-2026-0751

Home page URL

Security reports for Payment Page | Best Payment Plugin for Stripe & PayPal

Application

Payment Page | Best Payment Plugin for Stripe & PayPal

Published on
Feb 14, 2026
Research Description
The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricing_plan_select_text_font_family' parameter in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.4.7.
Status
vulnerable
Previous vulnerability researches
Beebee Mini (CVE-2022-2594) , Jun 07, 2024
New vulnerability
WP YouTube Lyte (CVE-2026-3299) , Apr 16, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-13364) , Apr 16, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2026-39492) , Apr 16, 2026
Tutor LMS – eLearning and online course solution (CVE-2026-0548) , Apr 16, 2026
Tutor LMS – eLearning and online course solution (CVE-2026-40740) , Apr 16, 2026