Cross-site Scripting Vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on
CVE-2025-47518

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Contact Form 7 – Paypal & Stripe Add-on
Vendor: CVE Published:; 7 May 2025

Summary

The Scott Paterson Contact Form 7 – PayPal & Stripe Add-on contains a vulnerability that enables improper handling of user input during web page generation, which can lead to stored cross-site scripting (XSS) attacks. This security flaw allows malicious users to inject scripts that may execute in the context of other users visiting affected pages, which could result in unauthorized actions or data exposure. Effective security measures should be implemented to mitigate this risk and protect users from potential attacks.

Affected Version(s)

Contact Form 7 – PayPal & Stripe Add-on <= 2.3.4

References

https://patchstack.com/database/wordpress/plugin/contact-...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
May 7, 2025

Credit

Nabil Irawan (Patchstack Alliance)