CVE-2021-39309

Name of the Vulnerable Software and Affected Versions: Parsian Bank Gateway for Woocommerce WordPress plugin versions up to and including 1.0

Description: The issue allows attackers to inject arbitrary web scripts due to a var dump() on $ POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file. This is a Reflected Cross-Site Scripting vulnerability via a parameter.

Recommendations: For versions up to and including 1.0, update to a version that fixes this issue, as the current version allows for the injection of arbitrary web scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.