AI description
Generated using AI and has not been reviewed by Intruder. May contain errors.
CVE-2024-5447 is a vulnerability in the PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin, affecting versions up to and including 1.7. It is a stored Cross-Site Scripting (XSS) vulnerability, categorized as CWE-79. The vulnerability exists because the plugin does not properly sanitize and escape some of its settings. This allows high-privilege users, such as administrators, to inject malicious scripts into the plugin's settings. The injected scripts are then executed in the context of other users who visit the affected pages, potentially leading to data theft or other malicious activities.
- Description: The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
- Source: contact@wpscan.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 4.8
- Impact score: 2.7
- Exploitability score: 1.7
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
- nvd@nist.gov: CWE-79
- Hype score: Not currently trending
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mohsinrasool:paypal_pay_now\\,_buy_now\\,_donation_and_cart_buttons_shortcode:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A28078A9-0A0F-4191-8C1C-54BE39B0EF6C",
            "versionEndIncluding": "1.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]