WordPress Plugin Vulnerabilities
Donation Button <= 4.0.0 - Contributor+ Stored XSS
Description
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Proof of Concept
Put the following shortcode in a blog post: [paypal_donation_button align='center" onmouseover="alert(1)']
Affects Plugins
No known fix - plugin closed
References
Classification
Miscellaneous
Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2022-11-16 (about 6 months ago)
Added
2022-11-16 (about 6 months ago)
Last Updated
2022-12-05 (about 5 months ago)