Lucene search
Lana CodesWPEX-ID:61D5C9B8-5C21-4AB5-B31C-E13CA19EA25CHistoryNov 16, 2022 - 12:00 a.m.
Donation Button <= 4.0.0 - Contributor+ Stored XSS
2022-11-1600:00:00
Lana Codes
67
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Put the following shortcode in a blog post: [paypal_donation_button align='center" onmouseover="alert(1)']Related
wpvulndb
wpvulndb
Donation Button <= 4.0.0 - Contributor+ Stored XSS
2022-11-16 00:00:00
prion
prion
Cross site scripting
2022-12-12 18:15:00
cve
cve
CVE-2022-4005
2022-12-12 18:15:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Related for WPEX-ID:61D5C9B8-5C21-4AB5-B31C-E13CA19EA25C