The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:31
Type | Values Removed | Values Added |
---|---|---|
Summary | The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. |
Information
Published : 2021-08-23 12:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-24524
Mitre link : CVE-2021-24524
CVE.ORG link : CVE-2021-24524
JSON object : View
Products Affected
givewp
- givewp
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')