First published: Mon Aug 01 2022(Updated: )
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Givewp Givewp | <2.21.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-2215 is a vulnerability in the GiveWP WordPress plugin before version 2.21.3 that allows high privilege users to perform Stored Cross-Site Scripting (XSS) attacks.
CVE-2022-2215 allows high privilege users, such as admins, to exploit a vulnerability in the currency settings of GiveWP before version 2.21.3 and perform Stored Cross-Site Scripting (XSS) attacks, if the unfiltered_html capability is disallowed.
CVE-2022-2215 has a severity rating of medium with a CVSS score of 4.8.
To fix CVE-2022-2215 in the GiveWP WordPress plugin, you should update to version 2.21.3 or later.
You can find more information about CVE-2022-2215 at the following reference link: [https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb]