Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin prior to 0.1.6.7 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
woocommerce sagepay direct payment gateway project woocommerce sagepay direct payment gateway |