cleantalk
Vulnerabilities and Security Researches

NOWPayments For WooCommerce, ca331f58f4c26dcd3ca933fda673bf6fd6c1dea4

CVE, Research URL

ca331f58f4c26dcd3ca933fda673bf6fd6c1dea4

Home page URL

Security reports for NOWPayments For WooCommerce

Application

NOWPayments For WooCommerce

Published on
Jul 18, 2023
Research Description
NOWPayments For WooCommerce [nowpayments-for-woocommerce] < 1.0.5 WordPress NOWPayments for WooCommerce Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) Update the WordPress NOWPayments for WooCommerce plugin to the latest available version (at least 1.0.5). Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress NOWPayments for WooCommerce Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.0.5.
Affected versions
max 1.0.5.
Status
vulnerable
Previous vulnerability researches
NOWPayments For WooCommerce (ca331f58f4c26dcd3ca933fda673bf6fd6c1dea4) , Jun 07, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX &#8211; Best FOMO, Social Proof, WooCommerce Sales Popup &amp; Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System &#8211; Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026