cleantalk
Vulnerabilities and Security Researches

WooPayments: Integrated WooCommerce Payments, CVE-2023-49828

CVE, Research URL

CVE-2023-49828

Home page URL

Security reports for WooPayments: Integrated WooCommerce Payments

Application

WooPayments: Integrated WooCommerce Payments

Published on
Dec 14, 2023
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2.
Affected versions
Min -, max 6.5.0.
Status
vulnerable
Previous vulnerability researches
WooPayments: Integrated WooCommerce Payments (1ad997f7b769fb925cf6bedd63b85b914e27cfc8) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-28121) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-35915) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-35916) , Jun 07, 2024
WooPayments: Integrated WooCommerce Payments (CVE-2023-51503) , Jun 07, 2024
New vulnerability
Click & Pledge Connect Plugin (CVE-2025-28983) , Jul 07, 2025
Posts Slider Shortcode (CVE-2025-30943) , Jul 07, 2025
Leyka (CVE-2025-52805) , Jul 07, 2025
Paytiko for WooCommerce (CVE-2025-50032) , Jul 07, 2025
Easy restaurant menu manager (CVE-2025-6673) , Jul 07, 2025