Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-47948
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-10 May, 2026 | 12:44
Updated At-10 May, 2026 | 12:44
Rejected At-
▼CVE Numbering Authority (CNA)
WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during payment form creation, which gets stored in the database and executed in the browser when the form is viewed.

Affected Products
Vendor
invoicing
Product
Payments Plugin GetPaid
Versions
Affected
  • 2.4.6
Problem Types
TypeCWE IDDescription
CWECWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Type: CWE
CWE ID: CWE-80
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Niraj Mahajan
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/50246
exploit
https://wordpress.org/plugins/invoicing/
product
https://www.vulncheck.com/advisories/wordpress-getpaid-plugin-html-injection-via-help-text
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/50246
Resource:
exploit
Hyperlink: https://wordpress.org/plugins/invoicing/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/wordpress-getpaid-plugin-html-injection-via-help-text
Resource:
third-party-advisory
Details not found