Lucene search

CVE-2024-5447

🗓️ 21 Jun 2024 06:12:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 48 Views🌐 WEB

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin in WordPress 1.7 is vulnerable to Stored Cross-Site Scripting attack

Reporter	Title	Published	Views	Family All 5
NVD	CVE-2024-5447	21 Jun 202406:15	–	nvd
wpexploit	PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS	31 May 202400:00	–	wpexploit
Cvelist	CVE-2024-5447 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS	21 Jun 202406:00	–	cvelist
WPVulnDB	PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS	31 May 202400:00	–	wpvulndb
Vulnrichment	CVE-2024-5447 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS	21 Jun 202406:00	–	vulnrichment

Nvd

Vulners

Vulnrichment

Node

mohsinrasool paypal_pay_now\,_buy_now\,_donation_and_cart_buttons_shortcodeRange≤1.7wordpress

[
  {
    "vendor": "Unknown",
    "product": "PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.7"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/a692b869-1666-42d1-b56d-dfcccd68ab67/

Parameter	Position	Path	Description	CWE
Business/Product Name	request body	/wp-admin/options-general.php?page=wpdev-paypal-button	Stored Cross-Site Scripting vulnerability allowing the execution of arbitrary JavaScript code.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Jun 2024 06:15Current

4.7Medium risk

Vulners AI Score4.7

CVSS34.8

EPSS0.00045

SSVC

CWE-79