Approved changes feed: RSS · Atom

cpe:2.3:a:mra13:wp_express_checkout_(accept_paypal_payments_easily):*:*:*:*:*:*:*:*

part: a version: * update: *

VendorMra13 (fb07f8cb-eecb-5698-b4d4-35f7e4581496)
ProductWp Express Checkout (Accept Paypal Payments Easily) (f9920620-f3ab-54ce-bee9-8f8d8066e2e0)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-1469 vulnerable 2026-06-08 05:52:35.957312 Details available
MEDIUM (4.4)
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard.
Published: 2023-03-17T12:31:55.285Z
Updated: 2025-02-05T19:45:38.551Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.