cleantalk
Vulnerabilities and Security Researches

Payment forms, Buy now buttons and Invoicing System | GetPaid, CVE-2021-24369

CVE, Research URL

CVE-2021-24369

Home page URL

Security reports for Payment forms, Buy now buttons and Invoicing System | GetPaid

Application

Payment forms, Buy now buttons and Invoicing System | GetPaid

Published on
Jun 22, 2021
Research Description
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation.
Affected versions
max 2.3.4.
Status
vulnerable
Previous vulnerability researches
Payment forms, Buy now buttons and Invoicing System | GetPaid (CVE-2021-47948) , May 12, 2026
Payment forms, Buy now buttons and Invoicing System | GetPaid (CVE-2021-24369) , Jun 06, 2024
Payment forms, Buy now buttons and Invoicing System | GetPaid (CVE-2024-43973) , Sep 01, 2024
New vulnerability
wpForo Forum (CVE-2026-40798) , May 12, 2026
Picture Gallery – Frontend Image Uploads, AJAX Photo List (CVE-2021-47951) , May 12, 2026
Amministrazione Aperta (CVE-2022-50956) , May 12, 2026
Slider by Soliloquy – Responsive Image Slider for WordPress (CVE-2021-47922) , May 12, 2026
Ultimate Product Catalog (CVE-2021-47924) , May 12, 2026