Lucene search

[email protected]NVD:CVE-2021-24315

HistoryMay 17, 2021 - 5:15 p.m.

CVE-2021-24315

2021-05-1717:15:08

CWE-79

[email protected]

web.nvd.nist.gov

givewp

wordpress plugin

2.10.4

stored xss

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.8%

JSON

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.

Affected configurations

Nvd

Node

givewpgivewpRange<2.10.4wordpress

VendorProductVersionCPE
givewpgivewp*cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
givewp	givewp	*	cpe:2.3:a:givewp:givewp::::::wordpress::*

References

m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt

wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.8%

JSON

Related for NVD:CVE-2021-24315

wpvulndb1 openvas1 cve1 prion1 wpexploit1 cvelist1