The plugin does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability.
1. Enable greenwallet-gateway as a woocommerce payment gateway
2. add something in your cart and visit the checkout page
3. visit website/checkoutpage/?error_envision=<script>alert(1)</script>