First published: Mon Nov 01 2021
The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button lacks a CSRF check, so an attacker could use it to make an authenticated admin create a new button. Furthermore, one of the Button fields is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well.
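A hardened WordPress handler for the pattern described above (a form that creates a button post and later echoes a stored field into an attribute), as an added illustrative example that is not the plugin's own code; the function names, nonce action, field name and post type are assumptions:

```php
<?php
// Added example, not the plugin's code: one way to guard a "create button"
// admin action against CSRF and to escape a stored field for attribute output.
// All names below (example_*, button_label, example_button) are assumptions.

// Rendering the form: emit a nonce bound to this specific action.
function example_render_button_form( $button_label ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_create_button">
        <?php wp_nonce_field( 'example_create_button', 'example_nonce' ); ?>
        <!-- esc_attr() escapes the stored value for the attribute context;
             echoing it raw here is the stored XSS pattern described above. -->
        <input type="text" name="button_label" value="<?php echo esc_attr( $button_label ); ?>">
        <?php submit_button( 'Create button' ); ?>
    </form>
    <?php
}

// Handling the submission: check capability and nonce before creating the post.
function example_handle_create_button() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Without this referer/nonce check, a forged cross-site POST carried by an
    // authenticated admin's browser would be accepted (the CSRF flaw).
    check_admin_referer( 'example_create_button', 'example_nonce' );

    $label = sanitize_text_field( wp_unslash( $_POST['button_label'] ?? '' ) );

    $post_id = wp_insert_post( array(
        'post_type'   => 'example_button', // assumed custom post type for buttons
        'post_title'  => $label,
        'post_status' => 'publish',
    ), true );

    if ( is_wp_error( $post_id ) ) {
        wp_die( esc_html( $post_id->get_error_message() ) );
    }
    wp_safe_redirect( admin_url( 'edit.php?post_type=example_button' ) );
    exit;
}
add_action( 'admin_post_example_create_button', 'example_handle_create_button' );
```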
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wpplugin Accept Donations With Paypal | <1.3.1 | Upgrade to 1.3.1 or newer |
CVE-2021-24570 is a vulnerability in the Accept Donations with PayPal WordPress plugin before version 1.3.1.
CVE-2021-24570 has a severity keyword of 'medium' and a severity value of 4.3.
CVE-2021-24570 affects the Accept Donations with PayPal WordPress plugin version before 1.3.1.
Yes, upgrading to Accept Donations with PayPal WordPress plugin version 1.3.1 or newer fixes CVE-2021-24570.
You can find more information about CVE-2021-24570 at the following references: [Reference 1](https://plugins.trac.wordpress.org/changeset/2608073/) and [Reference 2](https://wpscan.com/vulnerability/5c73754c-eebe-424a-9d3b-ca83eb53bf87).