What is CVE-2021-24570?

CVE-2021-24570 is a vulnerability in the Accept Donations with PayPal WordPress plugin before version 1.3.1.

What is the severity of CVE-2021-24570?

CVE-2021-24570 has a severity keyword of 'medium' and a severity value of 4.3.

Is there a fix available for CVE-2021-24570?

Yes, upgrading to Accept Donations with PayPal WordPress plugin version 1.3.1 or newer fixes CVE-2021-24570.

Vulnerability/
CVE-2021-24570

medium

4.3

CWE

352 79

1/11/2021

3/8/2024

CVE-2021-24570: Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting

Q: How does CVE-2021-24570 affect the Accept Donations with PayPal WordPress plugin?

CVE-2021-24570 affects the Accept Donations with PayPal WordPress plugin version before 1.3.1.

Q: Where can I find more information about CVE-2021-24570?

You can find more information about CVE-2021-24570 at the following references: [Reference 1](https://plugins.trac.wordpress.org/changeset/2608073/) and [Reference 2](https://wpscan.com/vulnerability/5c73754c-eebe-424a-9d3b-ca83eb53bf87).

First published: Mon Nov 01 2021(Updated: )

The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well.

Credit: contact@wpscan.com

Affected Software	Affected Version	How to fix
Wpplugin Accept Donations With Paypal	<1.3.1

Remedy

https://plugins.trac.wordpress.org/changeset/2608073/

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-24570?
CVE-2021-24570 is a vulnerability in the Accept Donations with PayPal WordPress plugin before version 1.3.1.
What is the severity of CVE-2021-24570?
CVE-2021-24570 has a severity keyword of 'medium' and a severity value of 4.3.
How does CVE-2021-24570 affect the Accept Donations with PayPal WordPress plugin?
CVE-2021-24570 affects the Accept Donations with PayPal WordPress plugin version before 1.3.1.
Is there a fix available for CVE-2021-24570?
Yes, upgrading to Accept Donations with PayPal WordPress plugin version 1.3.1 or newer fixes CVE-2021-24570.
Where can I find more information about CVE-2021-24570?
You can find more information about CVE-2021-24570 at the following references: [Reference 1](https://plugins.trac.wordpress.org/changeset/2608073/) and [Reference 2](https://wpscan.com/vulnerability/5c73754c-eebe-424a-9d3b-ca83eb53bf87).

collector/nvd-index
agent/weakness
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/title
agent/last-modified-date
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/tags
agent/event
vendor/wpplugin
canonical/wpplugin accept donations with paypal

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.