The WooCommerce WordPress plugin prior to 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles
woocommerce woocommerce