QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24315

Published: May 17, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.

Vendor	Product	Versions
GiveWP	GiveWP – Donation Plugin and Fundraising Platform	affected `2.10.4 - < 2.10.4`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2

x_refsource_CONFIRM

https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.