Lucene search
WPScanCVELIST:CVE-2021-25099HistoryFeb 21, 2022 - 10:45 a.m.
CVE-2021-25099 Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
2022-02-2110:45:53
CWE-79
WPScan
www.cve.org
1
cve-2021-25099
givewp
wordpress plugin
unauthenticated
reflected cross-site scripting
ajax action
security vulnerability
EPSS
0.001
Percentile
41.5%
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting
CNA Affected
[
{
"product": "GiveWP – Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.17.3",
"status": "affected",
"version": "2.17.3",
"versionType": "custom"
}
]
}
]Related
nuclei
nuclei
WordPress GiveWP <2.17.3 - Cross-Site Scripting
2022-12-12 16:23:16
patchstack
patchstack
nvd
nvd
CVE-2021-25099
2022-02-21 11:15:08
cve
cve
CVE-2021-25099
2022-02-21 11:15:08
prion
prion
Cross site scripting
2022-02-21 11:15:00
wpvulndb
wpvulndb
Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
2022-01-18 00:00:00
wpexploit
wpexploit
Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
2022-01-18 00:00:00
openvas
openvas
WordPress GiveWP Plugin < 2.17.3 Multiple Vulnerabilities
2022-03-01 00:00:00