PatchSiren cyber security CVE debrief
CVE-2021-47983 mra13 CVE debrief
CVE-2021-47983 is a stored cross-site scripting (XSS) vulnerability in WordPress Plugin Stripe Payments version 2.0.39. The vulnerability allows authenticated attackers to inject malicious scripts through the `AcceptStripePayments-settings[currency_code]` parameter. Attackers can submit POST requests to `/wp-admin/options.php` with script payloads in the `currency_code` field to execute arbitrary JavaScript in administrator browsers when settings are viewed.
- Vendor
- mra13
- Product
- Accept Stripe Payments
- CVSS
- MEDIUM 5.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of WordPress Plugin Stripe Payments version 2.0.39 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.1 and a severity of MEDIUM. It requires authentication and user interaction to exploit.
Defensive priority
MEDIUM
Recommended defensive actions
- Update WordPress Plugin Stripe Payments to a version that is not vulnerable.
- Use a web application firewall to detect and prevent XSS attacks.
- Monitor your website for suspicious activity.
Evidence notes
The CVE record was published on 2026-06-08T02:16:22.363Z and modified on 2026-06-08T14:59:44.750Z.
Official resources
CVE-2021-47983 was published on 2026-06-08T02:16:22.363Z and modified on 2026-06-08T14:59:44.750Z.