Doneren met Mollie < 2.10.3 – Unauthenticated Reflected Cross-Site Scripting via search | CVE 2024-29767 | Plugin Vulnerabilities

Description

The Doneren met Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search’ parameter in versions up to, and including, 2.10.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

doneren-met-mollie

Fixed in 2.10.3

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/8f494ca7-3f2f-4535-92ff-1ed5c469bf45

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dimas Maulana

Verified

No

WPVDB ID

c3710ce0-5e41-4239-8230-a1f0238c7d7f

Timeline

Publicly Published

2024-03-25 (about 2 years ago)

Added

2024-03-29 (about 2 years ago)

Last Updated

2024-03-29 (about 2 years ago)

Other

Published

Title

Published

2021-10-05

Title

Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail

Published

2025-09-05

Title

코드엠샵 소셜톡 <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-09-22

Title

Epeken All Kurir <= 2.0.6 - Shop manager+ Stored XSS

Published

2025-09-29

Title

GutenBee – Gutenberg Blocks < 2.18.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-10-14

Title

WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting