WP Stripe Checkout <= 1.2.2.20 is vulnerable to Auth. Stored Cross-Site Scripting (XSS) vulnerability

The WP Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shortcodes in the wp_stripe_checkout. This results in a vulnerability in the ‘wp_stripe_checkout_legacy_checkout_button_handler’ function in versions up to, and including, 1.2.2.20 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.