Skip to main content

Woocommerce Placetopay Gateway Belice

1 CVEs product

Monthly

CVE-2026-11324 MEDIUM This Month

Reflected Cross-Site Scripting in the WooCommerce PlacetoPay Gateway family of plugins (all regional Evertec variants) allows unauthenticated network-based attackers to inject and execute arbitrary JavaScript in victims' browsers by abusing the unsanitized 'redirect-url' parameter - confirmed in versions up to and including 3.2.2 across at least six regional plugin variants (Colombia, Ecuador, Honduras, Uruguay, Belice, and base). Exploitation requires the attacker to socially engineer a victim into clicking a crafted link; no patch version has been identified in the available data, as the most recent release (3.2.2, dated 2026-04-22) addresses only a tax-validation issue and not this XSS. No public exploit code or CISA KEV listing identified at time of analysis.

WordPress XSS Woocommerce Placetopay Gateway Belice Woocommerce Placetopay Gateway Ecuador Woocommerce Placetopay Gateway Colombia +3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting in the WooCommerce PlacetoPay Gateway family of plugins (all regional Evertec variants) allows unauthenticated network-based attackers to inject and execute arbitrary JavaScript in victims' browsers by abusing the unsanitized 'redirect-url' parameter - confirmed in versions up to and including 3.2.2 across at least six regional plugin variants (Colombia, Ecuador, Honduras, Uruguay, Belice, and base). Exploitation requires the attacker to socially engineer a victim into clicking a crafted link; no patch version has been identified in the available data, as the most recent release (3.2.2, dated 2026-04-22) addresses only a tax-validation issue and not this XSS. No public exploit code or CISA KEV listing identified at time of analysis.

WordPress XSS Woocommerce Placetopay Gateway Belice +5
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy