Cross-site Scripting Vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on
CVE-2025-47518
5.9MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 7 May 2025
What is CVE-2025-47518?
The Scott Paterson Contact Form 7 – PayPal & Stripe Add-on contains a vulnerability that enables improper handling of user input during web page generation, which can lead to stored cross-site scripting (XSS) attacks. This security flaw allows malicious users to inject scripts that may execute in the context of other users visiting affected pages, which could result in unauthorized actions or data exposure. Effective security measures should be implemented to mitigate this risk and protect users from potential attacks.
Affected Version(s)
Contact Form 7 – PayPal & Stripe Add-on <= 2.3.4