← back
CVE-2022-50797

Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N