CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
What the vulnerability does
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation.
Explanation of Vulnerability in Simple Terms
Stripe Green Downloads versions 2.03 and earlier contain a cross-site scripting (XSS) vulnerability. An authenticated user with low privileges can inject malicious scripts that execute in other users' browsers when they interact with affected pages. The vulnerability requires user interaction to trigger. This allows attackers to steal session tokens, redirect users, or perform actions on their behalf.
What an attacker can do
Inject and execute malicious JavaScript in other users' browsers to steal data or perform unauthorized actions.
Potential impact on your site
Users' accounts and data are at risk if they interact with attacker-controlled content while logged in.
Conditions required to exploit
Attacker must have low-level authenticated access and the victim must click a malicious link or visit a crafted page.
Key dates
External resources
Related vulnerabilities
