Accept Stripe Payments, CVE-2021-47983
- CVE, Research URL
- Home page URL
- Application
- Published on
- Jun 08, 2026
- Research Description
- WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options.php with script payloads in the currency_code field to execute arbitrary JavaScript in administrator browsers when settings are viewed.
- Affected versions
-
max 2.0.39.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| RD Station (CVE-2022-38139) , Jun 06, 2024 |
| RD Station (CVE-2026-49774) , Jun 09, 2026 |
| RD Station (CVE-2024-6894) , Sep 06, 2024 |