CVE-2021-24315: XSS
First published: Mon May 17 2021(Updated: )
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Givewp Givewp | <2.10.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-24315?
CVE-2021-24315 is a vulnerability in the GiveWP - Donation Plugin and Fundraising Platform WordPress plugin.
What is the severity of CVE-2021-24315?
The severity of CVE-2021-24315 is medium with a CVSS score of 4.8.
How does CVE-2021-24315 impact the GiveWP plugin?
CVE-2021-24315 allows authenticated (admin+) users to exploit Stored XSS issues by not sanitizing or escaping the Background Image field of the Stripe Checkout Setting and Logo field in the Email settings.
Is there a fix or patch available for CVE-2021-24315?
Yes, the vulnerability has been fixed in version 2.10.4 of the GiveWP plugin.
Where can I find more information about CVE-2021-24315?
You can find more information about CVE-2021-24315 in the following references: [link1](https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt) [link2](https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2)
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/givewp
- canonical/givewp givewp