CVE-2024-3594

🗓️ 23 May 2024 06:00:02Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 5684 Views🌐 WEB

IDonate plugin vulnerability in WordPress 1.9.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-3594	20 Mar 202519:18	–	circl
CNNVD	WordPress plugin IDonate 安全漏洞	23 May 202400:00	–	cnnvd
Cvelist	CVE-2024-3594 IDonate <= 1.9.0 - Admin+ Stored XSS	23 May 202406:00	–	cvelist
EUVD	EUVD-2024-32173	3 Oct 202520:07	–	euvd
NVD	CVE-2024-3594	23 May 202406:15	–	nvd
OSV	CVE-2024-3594	23 May 202406:15	–	osv
Patchstack	WordPress IDonate Plugin < 2.0.0 is vulnerable to Cross Site Scripting (XSS)	1 Mar 202400:00	–	patchstack
Positive Technologies	PT-2024-26791 · WordPress · Idonate	23 May 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-3594 IDonate <= 1.9.0 - Admin+ Stored XSS	23 May 202406:00	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)	9 May 202416:49	–	wordfence

NVD

Vulners

Node

themeatelier idonateRange<2.0.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "IDonate ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.9.0"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/7a8a834a-e5d7-4678-9d35-4390d1200437/

Parameter	Position	Path	Description	CWE
recaptcha_secret_key	request body	/wp-admin/admin.php?page=idonate-setting-admin	Stored XSS vulnerability via unsanitized settings in the Idonate WordPress plugin; attacker with high privileges can inject XSS payload when saving settings.	CWE-79
recaptcha_site_key	request body	/wp-admin/admin.php?page=idonate-setting-admin	Stored XSS vulnerability via unsanitized settings in the Idonate WordPress plugin; attacker with high privileges can inject XSS payload when saving settings.	CWE-79

21 May 2025 19:03Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.18.7

EPSS0.00995

SSVC

CWE-79