2 matches found
CVE-2021-25099
CVE-2021-25099 affects WordPress GiveWP plugin before 2.17.3. The vulnerability is a reflected cross-site scripting (XSS) due to improper sanitization/escaping of the form_id parameter in the response of an unauthenticated request via the give_checkout_login AJAX action. The issue is present in v...
CVE-2021-25099 Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the formid parameter before outputting it back in the response of an unauthenticated request via the givecheckoutlogin AJAX action, leading to a Reflected Cross-Site Scripting...