CVE-2021-24315

Summary

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.

Affected Software

VendorProductVersion RangeStatus
GiveWPGiveWP – Donation Plugin and Fundraising Platform2.10.4 < 2.10.4affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References