CVE-2021-24315 Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)

2021-05-17 16:48:53
CWE-79
WPScan
www.cve.org
cve-2021-24315
givewp
donation plugin
authenticated
stored
cross-site scripting
xss
wordpress
stripe checkout
logo
email settings

EPSS: 0.001

Percentile: 21.8%

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.

CNA Affected

[
  {
    "product": "GiveWP – Donation Plugin and Fundraising Platform",
    "vendor": "GiveWP",
    "versions": [
      {
        "lessThan": "2.10.4",
        "status": "affected",
        "version": "2.10.4",
        "versionType": "custom"
      }
    ]
  }
]