CVE-2024-10851

Published Nov 13, 2024

Last updated 4 days ago

CVSS medium 6.1

Overview

Description
The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2024-10851 The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without app… https://t.co/5xa51ImEPi

    @CVEnew

    13 Nov 2024

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10851 (Published: 2024-11-13) - High severity vulnerability in Razorpay Payment Button plugin (versions prior to 2.4.6). Exploitation could lead to serious security risks. 🚫💻 Remediation: Update to the latest version to safeguard your site! 🔒 More info:… https://t.

    @transilienceai

    13 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-10851 (Published: 2024-11-13) - High severity vulnerability in Razorpay Payment Button plugin (versions prior to 2.4.6). Exploitation could lead to serious security risks. 🔒 Remediation: Update to the latest version to safeguard your site! More info: [Razorpay… https

    @transilienceai

    13 Nov 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-10851 (Published: 2024-11-13) - High severity vulnerability in Razorpay Payment Button plugin (versions prior to 2.4.6). Ensure your site is updated to the latest version to mitigate risks. Check the details here: https://t.co/yAVUpfiQAI #CyberSecurity

    @transilienceai

    13 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References