MEDIUM
evertec
CVE published 2026-07-17
CVE-2026-11324
The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'redirect-url' parameter in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This vulnerability has a CVSS score of 6.1 and is considered Medium severity. Users of these plugins should be aware of this vulnerability [truncated]