Description
The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2023-23788 | The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
References
History
Thu, 30 Jan 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-01-30T14:58:36.577Z
Reserved: 2023-03-21T21:44:46.824Z
Link: CVE-2023-1554
Updated: 2024-08-02T05:49:11.675Z
Status : Modified
Published: 2023-05-02T08:15:10.023
Modified: 2026-06-17T05:28:14.650
Link: CVE-2023-1554
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD