Severity: 4.8 MEDIUM
EPSS: 0.2% (top 57.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 17; Latest update May 24

Description

The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 | Impact: 2.7

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA | GHSA-f22j-qf79-3jj5: The Accept Donations with PayPal WordPress plugin before 1 | 2022-05-24
CVEList | Paypal Donation < 1.3.2 - Admin+ Stored Cross-Site Scripting | 2021-11-17
CVE-2021-24815 (MEDIUM CVSS 4.8) | The Accept Donations with PayPal Wo | cvebase.io