Stored Cross-Site Scripting Vulnerability in WP Express Checkout for WordPress
CVE-2023-1469
Key Information:
- Vendor: WordPress
- CVE Published: 17 March 2023
What is CVE-2023-1469?
The WP Express Checkout plugin for WordPress contains a Stored Cross-Site Scripting vulnerability via the 'pec_coupon[code]' parameter. The flaw arises from insufficient input sanitization and output escaping in versions up to and including 2.2.8. Authenticated attackers with administrator-level access can exploit it to inject arbitrary web scripts into pages, and those scripts execute whenever a user accesses an injected page. Lower-privileged users may also be able to exploit the vulnerability if the 'Admin Dashboard Access Permission' setting is configured to allow them dashboard access.

Affected Version(s)
WP Express Checkout (Accept PayPal Payments Easily) 2.2.8