Vulnerabilities > CVE-2021-24570 - Unspecified vulnerability in Wpplugin Accept Donations With Paypal

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wpplugin

NVD

Published: 2021-11-01

Updated: 2024-11-21

Summary

The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well.

Vulnerable Configurations

Part	Description	Count
Application	Wpplugin Wpplugin Accept Donations With Paypal - Wpplugin Accept Donations With Paypal 1.0 Wpplugin Accept Donations With Paypal 1.1 Wpplugin Accept Donations With Paypal 1.2 Wpplugin Accept Donations With Paypal 1.2.1 Wpplugin Accept Donations With Paypal 1.2.2 Wpplugin Accept Donations With Paypal 1.2.3 Wpplugin Accept Donations With Paypal 1.2.4 Wpplugin Accept Donations With Paypal 1.2.5 Wpplugin Accept Donations With Paypal 1.2.6 Wpplugin Accept Donations With Paypal 1.2.7 Wpplugin Accept Donations With Paypal 1.2.8 Wpplugin Accept Donations With Paypal 1.2.9 Wpplugin Accept Donations With Paypal 1.3	14

Summary

Vulnerable Configurations

References