Description
WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options.php with script payloads in the currency_code field to execute arbitrary JavaScript in administrator browsers when settings are viewed.
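The defence against this class of stored XSS is to validate the currency code when the setting is saved and to encode it again when it is rendered. The following is an added example in plain PHP, not the plugin's own code or its actual fix; the function names, the default of USD and the three-letter allowlist pattern are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from the Stripe Payments plugin.

// Save-time validation: accept only a three-letter alphabetic code
// (the shape of an ISO 4217 currency code); anything else becomes the default.
function example_sanitize_currency_code($raw, string $default = 'USD'): string
{
    if (!is_string($raw)) {
        return $default; // arrays or null from a crafted POST body
    }
    $code = strtoupper(trim($raw));
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    return preg_match('/\A[A-Z]{3}\z/', $code) === 1 ? $code : $default;
}

// Render-time encoding: escape for an HTML attribute context even though the
// value was validated on save, so values stored before the check stay inert.
function example_render_currency_field(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="AcceptStripePayments-settings[currency_code]"'
         . ' value="' . $safe . '">';
}

// Constructed sample inputs: two valid codes, markup, a non-string, a bad length.
$samples = ['usd', ' eur ', '"><b>constructed</b>', ['x'], 'USDD'];
foreach ($samples as $sample) {
    echo json_encode($sample), ' => ',
         example_sanitize_currency_code($sample), PHP_EOL;
}

// A legacy value already in the database is neutralised at output time.
echo example_render_currency_field('"><b>constructed</b>'), PHP_EOL;
```

In WordPress the same two steps correspond to a sanitize callback on the registered setting and `esc_attr()` where the settings page prints the value.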
Problem types
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
Credits
Park Won Seok
References
www.exploit-db.com/exploits/49354 (ExploitDB-49354)
wordpress.org/plugins/stripe-payments/ (Product Reference)
www.vulncheck.com/...e-payments-stored-xss-via-currency-code (VulnCheck Advisory: WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code)