CVE-2021-24315

Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)

EPSS 0.7%CWE-79

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 mai 2021Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.

Produtos afetados

GiveWP · GiveWP – Donation Plugin and Fundraising Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2