CVE-2024-7353
Description
The Accept Stripe Payments plugin for WordPress (<=2.0.86) has a stored XSS vulnerability in its shortcode, allowing authenticated contributors to inject arbitrary scripts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the accept_stripe_payment_ng shortcode in versions up to 2.0.86 [1]. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes, allowing attackers to inject arbitrary web scripts.
Exploitation requires authenticated access with contributor-level privileges or higher. An attacker can inject malicious scripts via the shortcode attributes, which are stored and executed when any user visits the affected page.
Successful exploitation enables the attacker to execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking, defacement, or redirection to malicious sites [1].
Users are advised to update to the latest version of the plugin (2.0.87 or later) to mitigate this vulnerability. Administrators should also review user roles and permissions to limit contributor access where not required.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
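As a companion to the update advice above, the following added example (not part of the original page and not the plugin's code) audits stored post content for `accept_stripe_payment_ng` shortcodes whose attribute values carry markup. The row layout, the placeholder attribute names `attr_a` and `attr_b`, and the heuristic pattern are assumptions.

```python
import html
import re

SHORTCODE = "accept_stripe_payment_ng"  # shortcode tag named in the advisory
TAG_RE = re.compile(r"\[" + SHORTCODE + r"\b([^\]]*)\]")
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")
# Heuristic (an assumption, tune for your site): markup characters, inline
# event handlers or script URLs do not belong in a plain attribute value.
SUSPICIOUS_RE = re.compile(r"[<>\"]|\bon[a-z]+\s*=|javascript:", re.I)


def suspicious_attrs(content):
    """Yield (attribute, decoded value) pairs worth a manual look."""
    for tag in TAG_RE.finditer(content):
        for m in ATTR_RE.finditer(tag.group(1)):
            raw = m.group(2) or m.group(3) or m.group(4) or ""
            value = html.unescape(raw)  # stored content may be entity-encoded
            if SUSPICIOUS_RE.search(value):
                yield m.group(1), value


def audit_posts(posts):
    """posts: iterable of (post_id, author_role, post_content) rows."""
    findings = []
    for post_id, role, content in posts:
        for attr, value in suspicious_attrs(content):
            findings.append({"post_id": post_id, "author_role": role,
                             "attribute": attr, "value": value})
    return findings


# Constructed sample rows; attr_a / attr_b are placeholder attribute names,
# not the plugin's real ones.
SAMPLE_POSTS = [
    (101, "editor", 'Buy now: [accept_stripe_payment_ng attr_a="Blue mug" attr_b="12.50"]'),
    (102, "contributor", "[accept_stripe_payment_ng attr_a='x&quot; onfocus=&quot;alert(1)']"),
    (103, "author", "No shortcode here, just onclick= in prose."),
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print(finding)
```

Findings are a review list rather than a verdict: a legitimate value can trip the heuristic, so each flagged post needs a manual look.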
Affected products (2)
- Range: <=2.0.86
Patches
No patches discovered yet.
References (4)
News mentions
No linked articles in our index yet.