VYPR

Stripe CLI

by Stripe

CVEs (4)

  • CVE-2018-19249HigJan 3, 2019
    risk 0.49cvss 7.5epss 0.01

    The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the…

  • CVE-2022-24753HigMar 9, 2022
    risk 0.43cvss 7.7epss 0.00

    Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and…

  • CVE-2022-50797MedFeb 1, 2026
    risk 0.42cvss 6.4epss 0.00

    Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session…

  • CVE-2024-45401Sep 5, 2024
    risk 0.00cvss epss 0.00

    stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or…