First published: Mon Nov 28 2022
The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tipsandtricks-hq Donations Via Paypal | <1.9.9 | Update to 1.9.9 or newer |
The vulnerability ID for the Donations via PayPal WordPress plugin is CVE-2022-3822.
The severity of CVE-2022-3822 is medium (4.8).
The affected software version of CVE-2022-3822 is Donations via PayPal WordPress plugin before 1.9.9.
The vulnerability CVE-2022-3822 can be exploited by high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
The fix for CVE-2022-3822 is to update the Donations via PayPal WordPress plugin to version 1.9.9 or newer.
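The bug class described above (a plugin setting stored without sanitisation and echoed without escaping, so the unfiltered_html capability is never consulted), shown as a weak settings handler beside a hardened one. This is an added illustration written for this page, not code from the Donations via PayPal plugin; the dvp_demo_* option and function names are hypothetical.

```php
<?php
// Added illustration of the bug class, not the Donations via PayPal plugin's
// own code. Option names and function names (dvp_demo_*) are hypothetical.

// Weak pattern: the raw POST value is stored and later echoed verbatim. An
// admin who does NOT hold unfiltered_html (e.g. on multisite) can still
// persist arbitrary markup that runs for every visitor or dashboard user.
function dvp_demo_save_message_unsafe() {
    update_option( 'dvp_demo_thank_you', wp_unslash( $_POST['dvp_demo_thank_you'] ) );
}
function dvp_demo_render_message_unsafe() {
    echo '<div class="dvp-thanks">' . get_option( 'dvp_demo_thank_you' ) . '</div>';
}

// Hardened pattern, step 1: sanitise on save. The sanitize callback mirrors
// core's own rule: users who hold unfiltered_html may store arbitrary markup;
// everyone else is limited to the allowlist that wp_kses_post() enforces.
function dvp_demo_sanitize_message( $value ) {
    $value = (string) $value;
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}
// register_setting() runs the callback on every write through the Settings API,
// so the check cannot be skipped by a different save path using that option.
function dvp_demo_register_settings() {
    register_setting(
        'dvp_demo_group',
        'dvp_demo_thank_you',
        array( 'sanitize_callback' => 'dvp_demo_sanitize_message' )
    );
}
add_action( 'admin_init', 'dvp_demo_register_settings' );

// Hardened pattern, step 2: escape on output for the context the value lands
// in. A message allowed to carry limited HTML is passed through wp_kses_post()
// again at render time (defence in depth, in case the option was written by
// some other path); the same value inside a form field uses esc_textarea().
function dvp_demo_render_message_safe() {
    echo '<div class="dvp-thanks">' . wp_kses_post( get_option( 'dvp_demo_thank_you', '' ) ) . '</div>';
}
function dvp_demo_render_field_safe() {
    printf(
        '<textarea name="dvp_demo_thank_you">%s</textarea>',
        esc_textarea( get_option( 'dvp_demo_thank_you', '' ) )
    );
}
```

When reviewing a plugin for this class of issue, look for every update_option()/get_option() pair on a settings screen and confirm that a capability-aware sanitize step sits on the write side and a context-appropriate esc_*/wp_kses_* call sits on the read side.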