CVE-2024-10876

Published Nov 9, 2024

Last updated 5 days ago

Overview

Description
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Source: security@wordfence.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

security@wordfence.com
CWE-79

Social media

  1. 🚨 CVE-2024-10876 (Published: 2024-11-09) affects Charitable plugin versions prior to 1.8.2. This high-severity vulnerability can be exploited in admin donation management. 🔒 Remediation: Update to the latest version to secure your site! More info: https://t.co/HDKKis6lXA

    @transilienceai

    11 Nov 2024

  2. 🚨 CVE-2024-10876 (Published: 2024-11-09) - A high-severity vulnerability in Charitable plugin versions prior to 1.8.2 allows exploitation. Users are urged to update to the latest version to mitigate risks. For more details, check the code here: https://t.co/HDKKis6lXA #WordPress

    @transilienceai

    9 Nov 2024

  3. 🚨 CVE-2024-10876 (Published: 2024-11-09) - A high-severity vulnerability in Charitable plugin versions prior to 1.8.2. This issue affects donation management. 🛠️ Remediation: Update to the latest version to secure your site! More info: https://t.co/HDKKis6lXA #WordPress… https:

    @transilienceai

    9 Nov 2024

  4. 🚨 CVE-2024-10876 (Published: 2024-11-09) - High severity vulnerability in Charitable plugin (versions prior to 1.8.2). Exploitation could lead to unauthorized access. 🔒 Remediation: Update to the latest version to secure your site! More info: [Charitable… https://t.co/HiggyPv1t

    @transilienceai

    9 Nov 2024

  5. CVE-2024-10876 The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due … https://t.co/0Lwa6OJnHn

    @CVEnew

    9 Nov 2024
