Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin
AnalysisAI
The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin Affected products include: Wpeasypay Wp Easypay. Version information: before 4.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Wp Easypay
View allCross-site request forgery in the WP EasyPay WordPress plugin (versions through 4.4.0) enables remote attackers to perfo
The WP EasyPay - Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a mi
WP EasyPay versions up to 4.2.11 contain an authorization bypass that allows authenticated users to modify plugin settin
WP EasyPay plugin through version 4.3.0 exposes sensitive information in sent data, allowing unauthenticated remote atta
The WP EasyPay - Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to
Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay - Square for WordPress plugin <= 4.1 versions.
Share
External POC / Exploit Code
Leaving vuln.today