VYPR
Vendor: Stripe

Products: 3
CVEs: 6
Across products: 6
Status: Private

Recent CVEs (6)
  • CVE-2021-21420 | High | Apr 1, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary…

  • CVE-2018-19249 | High | Jan 3, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the…

  • CVE-2022-24753 | High | Mar 9, 2022
    risk 0.43 | cvss 7.7 | epss 0.00

    Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and…

  • CVE-2022-50797 | Medium | Feb 1, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    Stripe Green Downloads WordPress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session…

  • CVE-2024-7353 | Medium | Aug 7, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-45401 | Sep 5, 2024
    risk 0.00 | cvss | epss 0.00

    stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or…