Wp Express Checkout
Approved changes feed: RSS · Atom
cpe:2.3:a:tipsandtricks-hq:wp_express_checkout:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Tipsandtricks Hq (526308cc-12ad-5324-8e9d-ae125b4b0839) |
|---|---|
| Product | Wp Express Checkout (122d7c7a-34d5-5d4c-b66f-56f887596150) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/arsenal21/wp-express-checkout |
purl2cpe | 2026-06-01 10:12:34.965372 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-1469 |
vulnerable | 2026-06-03 14:48:55.587723 |
Details available
MEDIUM (4.4)
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard.
Published: 2023-03-17T12:31:55.285Z
Updated: 2025-02-05T19:45:38.551Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.