- Description
- The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
- Source
- contact@wpscan.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE-2024-11607 Stored XSS in GTPayment Donations WordPress Plugin via CSRF Flaw The GTPayment Donations WordPress plugin until version 1.0.0 has a weakness. It doesn’t have a CSRF check in some areas. It also mis... https://t.co/KYIEOPjVON
@VulmonFeeds
21 Dec 2024
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11607 The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow att… https://t.co/dlXLRMeUCL
@CVEnew
21 Dec 2024
169 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes