Loading market data...
← Back to CVE feed

CVE-2021-47983

MEDIUM CVSS 6.4 View on NVD ↗

Description

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options.php with script payloads in the currency_code field to execute arbitrary JavaScript in administrator browsers when settings are viewed.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Published: Jun 08, 2026 02:16 UTC Modified: Jun 08, 2026 14:59 UTC