AI description
CVE-2024-5447 is a vulnerability in the PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin, affecting versions up to and including 1.7. It is a Cross-Site Scripting (XSS) vulnerability, categorized as CWE-79. The plugin does not properly sanitize and escape some of its settings, so a high-privilege user such as an administrator can store script in those settings, even on sites where the unfiltered_html capability has been removed (for example in a multisite setup). The stored script is then executed in the browsers of other users who view the affected pages, which can lead to data theft or other malicious activity.
- Description: The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
- Source: contact@wpscan.com
- NVD status: Modified
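To make the advisory's "does not sanitise and escape" concrete, here is an added example (not the plugin's own code) with a hypothetical button-label setting stored the unsafe way, followed by the hardened pattern WordPress provides: a sanitize_callback on register_setting() and context-appropriate escaping at output time. The ppbtn_* names and option key are assumptions; the WordPress functions are real.

```php
<?php
// Added example, not code from the affected plugin. Option name, function
// names and shortcode tag are hypothetical; the WordPress APIs are real.

// --- Unsafe pattern: value stored and echoed verbatim -------------------
function ppbtn_unsafe_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // Whatever an admin submits is stored unchanged, including markup,
    // regardless of whether that user holds the unfiltered_html capability.
    update_option( 'ppbtn_button_label', $_POST['ppbtn_button_label'] );
}

function ppbtn_unsafe_shortcode() {
    // Echoed without escaping: anything stored above runs for every visitor.
    return '<button>' . get_option( 'ppbtn_button_label' ) . '</button>';
}

// --- Hardened pattern: sanitise on save, escape on output ----------------
function ppbtn_register_settings() {
    register_setting(
        'ppbtn_options',
        'ppbtn_button_label',
        array(
            'type'              => 'string',
            // Strips tags and control characters before the value reaches
            // the database. Use wp_kses_post() instead if a limited set of
            // HTML must be allowed in the setting.
            'sanitize_callback' => 'sanitize_text_field',
            'default'           => 'Pay Now',
        )
    );
}
add_action( 'admin_init', 'ppbtn_register_settings' );

function ppbtn_safe_shortcode( $atts ) {
    $label = get_option( 'ppbtn_button_label', 'Pay Now' );
    // Escape for the context the value lands in: esc_attr() inside an
    // attribute, esc_html() for element content.
    return sprintf(
        '<button type="submit" title="%s">%s</button>',
        esc_attr( $label ),
        esc_html( $label )
    );
}
add_shortcode( 'ppbtn_safe', 'ppbtn_safe_shortcode' );
```

Saving through options.php with a registered setting also gives you the capability and nonce checks that the unsafe handler above skips; escaping on output stays necessary even when the stored value was sanitised, because other code paths may write the same option.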
CVSS 3.1
- Type: Primary
- Base score: 4.8
- Impact score: 2.7
- Exploitability score: 1.7
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
- Weakness: CWE-79 (source: nvd@nist.gov)
- Hype score: Not currently trending
Actively exploited CVE: CVE-2024-5447
@transilienceai
2 Apr 2025
Looking for some Friday/Weekend reading? Just published a new (guest) blog post by Noah Gregory (@wtsdev), that dives into the technical details of a neat bug (CVE-2024-5447) he uncovered on macOS 🍎🐛 Read: "Leaking Passwords (and more!) on macOS": https://t.co/NoV7Fw8ZJU
@objective_see
21 Mar 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mohsinrasool:paypal_pay_now\\,_buy_now\\,_donation_and_cart_buttons_shortcode:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A28078A9-0A0F-4191-8C1C-54BE39B0EF6C",
            "versionEndIncluding": "1.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]