Contact Form 7 Stripe Payment Plugin Vulnerability

Severity: MEDIUM (6.1) | Patch status: No patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.07% chance of exploitation (percentile: 23%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is a third-party extension that lets site owners take payments through Stripe from Contact Form 7 forms. The vulnerability is a cross-site scripting (XSS) weakness in the plugin's handling of user input: the 'failure_message' parameter is not sufficiently sanitized and escaped before it is output, so an attacker can inject arbitrary web scripts that run in the browser of a user who views the affected page. The advisory does not state whether the injection is reflected or stored, so treat any page that renders this value as exposed.
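Since the advisory reports no detection signature in common open-source tools, the following is an added example of a simple log-based check; it is not code from the page or from the plugin. It assumes the 'failure_message' value arrives as a GET query parameter and therefore appears in a combined-format access log, and it uses constructed sample log lines, including a double-URL-encoded payload that a single decode would miss.

```python
"""Scan combined-format access logs for requests whose failure_message
parameter carries HTML or script markup.

Added example, not the advisory's or the plugin's code. Assumptions:
the parameter is sent in the query string (GET) and the log is in the
standard combined format. Sample log lines below are constructed."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample lines (RFC 5737 documentation addresses, not a real incident).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "GET /checkout/?failure_message=Card+declined HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2025:12:00:02 +0000] "GET /checkout/?failure_message=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 5133 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2025:12:00:03 +0000] "GET /checkout/?failure_message=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 5140 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2025:12:00:04 +0000] "GET /checkout/?failure_message=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 5140 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2025:12:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

PARAM = "failure_message"

# Combined log format: client ip, identd, user, [timestamp], "METHOD target PROTO", status ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Heuristic markers of injected markup: an opening/closing tag, an on*= event
# handler, a javascript: URL, or an HTML character reference used for obfuscation.
SUSPICIOUS_RE = re.compile(
    r'<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript:|&#x?[0-9a-f]+;?', re.I
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = REQUEST_RE.match(line)
    return m.groupdict() if m else None


def suspicious_values(target):
    """Return decoded failure_message values in a request target that look like markup.

    parse_qs decodes one layer of percent-encoding; the value is also decoded a
    second time so a double-encoded payload (%253C -> %3C -> <) is still caught.
    """
    query = urlsplit(target).query
    values = parse_qs(query, keep_blank_values=True).get(PARAM, [])
    hits = []
    for v in values:
        if SUSPICIOUS_RE.search(v) or SUSPICIOUS_RE.search(unquote_plus(v)):
            hits.append(v)
    return hits


def scan_log(text):
    """Return one record per request that carries a suspicious failure_message."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for v in suspicious_values(rec["target"]):
            findings.append({"ip": rec["ip"], "ts": rec["ts"],
                             "status": rec["status"], "value": v})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} {PARAM}={f['value']!r}")
```

Run it over a real log with `scan_log(open(path).read())`. The check only sees what the web server logs: if the plugin accepts 'failure_message' in a POST body, the payload will not appear in a standard access log and you need request-body logging or a WAF in front of the site instead. A 200 response on a flagged request is worth a closer look, since it means the page rendered rather than rejected the input.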

Am I affected?

You are affected if the Accept Stripe Payments Using Contact Form 7 plugin is installed and active on your site. The advisory does not state which versions are affected, so treat every installed version as vulnerable until the author publishes a fixed release.

Affected Products

WordPress.org / Contact Form 7 (the vulnerable component is the Accept Stripe Payments Using Contact Form 7 extension, not Contact Form 7 itself)

How to fix

At the time of writing the advisory lists no patch. Once the plugin author publishes a fixed release, update to it:
- In your WordPress dashboard go to Plugins > Installed Plugins, find Accept Stripe Payments Using Contact Form 7, and click "Update" to install the latest version. Confirm afterwards that the installed version is newer than the one you had and that the changelog references the fix.
Until a fixed version is available, apply mitigations:
- Remove or restrict the 'failure_message' parameter where the plugin lets you configure it, so that untrusted input is not reflected into the page.
- If your payment flow allows it, deactivate the plugin until a fixed release exists; an inactive plugin cannot render the injected value.
- Put a WAF or reverse-proxy rule in front of the site that rejects requests whose 'failure_message' value contains HTML markup (angle brackets, on*= event handlers, javascript: URLs), and review access logs for such requests.