CVE-2022-50797
Persistent XSS in Stripe Green Downloads WordPress Plugin
Publication date: 2026-02-01
Last updated on: 2026-02-01
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| halfdata | stripe_green_downloads | 2.03 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50797 is a persistent cross-site scripting (XSS) vulnerability in the Stripe Green Downloads WordPress Plugin version 2.03. It allows remote attackers with authenticated, low-privilege (moderator-level) access to inject malicious scripts into button label fields within the plugin's settings. These scripts persist on the server and execute in the admin panel's preview context, enabling attackers to hijack user sessions, manipulate application modules, perform phishing attacks, and redirect users to malicious sites. [1, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to session hijacking, allowing attackers to take over user sessions. It also enables manipulation of application modules, non-persistent phishing attacks, and redirection to malicious external sites. Since the malicious scripts persist, attackers can maintain long-term access and control within the affected WordPress installation, compromising confidentiality and integrity of the system. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for persistent cross-site scripting (XSS) in the Stripe Green Downloads WordPress Plugin version 2.03, specifically by testing the input fields in the admin panel's settings for the button labels. The vulnerable parameters are `idcore-button-label`, `idcore-button-label-processing`, and `idcore-button-label-download`. Detection involves sending POST requests with script payloads to these parameters via AJAX to `/stripe/script/ajax.php` and observing if the scripts persist and execute in the preview context at `/stripe/script/?page=idcore-settings`. Example detection commands could include using curl to send POST requests with test scripts to these parameters and then verifying if the scripts appear in the admin preview page. For example: `curl -X POST -d "idcore-button-label=<script>alert(1)</script>" https://your-site.com/stripe/script/ajax.php` followed by checking the preview page for script execution. Note that authenticated access with moderator privileges is required to perform these tests. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Restricting access to the admin panel to trusted users only, especially limiting moderator-level privileges to prevent unauthorized script injection. 2) Avoid using or updating the Stripe Green Downloads WordPress Plugin version 2.03 until a patched version is available. 3) If possible, apply input validation or sanitization on the affected input fields (`idcore-button-label`, `idcore-button-label-processing`, `idcore-button-label-download`) to prevent script injection. 4) Monitor and audit plugin settings for any suspicious or unexpected script content in button label fields. 5) Consider disabling or removing the plugin temporarily to prevent exploitation. These steps help reduce the risk of persistent XSS exploitation leading to session hijacking and application manipulation. [1, 3]