CVE-2021-47948

Name of the Vulnerable Software and Affected Versions GetPaid Plugin version 2.4.6

Description An HTML injection issue allows authenticated attackers to inject arbitrary HTML code, including image tags and scripts, by exploiting the Help Text field in payment forms. The injected code is stored in the database and executed in the browser when the form is viewed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.