CVE-2024-11921 Scanner - Cross-Site Scripting vulnerability in Give WP Plugin
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 22 hours
Scan only one: Domain, IPv4
Toolbox: -
Give WP Plugin is a WordPress donation plugin widely used by non-profits, charities, and individuals to manage fundraising campaigns. It provides features for accepting online donations, tracking contributors, and integrating with multiple payment gateways. The plugin is a popular choice for building professional fundraising platforms.
Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. This can lead to session hijacking, data theft, or unauthorized actions within the affected application. In this case, the vulnerability is caused by improper sanitization and escaping of user input.
The vulnerability in the Give WP Plugin exists in a parameter used in the administration pages. Unsanitized and improperly escaped input allows attackers to insert malicious scripts that execute in the context of the affected user, particularly administrators. The issue affects versions below 3.19.0.
If exploited, this vulnerability can enable attackers to perform unauthorized actions, steal sensitive information, or compromise administrator accounts. Malicious actors could also leverage the flaw to alter the configuration or content of the fundraising platform.
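An asset owner can check an installation against the affected-version boundary stated above (below 3.19.0) by reading the Version field of the plugin's header comment. The following is an added example, not the scanner's or the plugin's own code; it assumes the text of the plugin's main PHP file is passed in, and the sample headers are constructed.

```python
import re

FIXED_VERSION = (3, 19, 0)  # from the page: versions below 3.19.0 are affected

# Matches the "Version:" field of a WordPress plugin header comment.
_HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text):
    """Return a numeric (major, minor, patch) tuple, or None if unparsable.

    Any suffix after the numeric part (for example "-beta") is ignored.
    """
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def givewp_status(plugin_file_text):
    """Classify an install from the contents of its main plugin file."""
    m = _HEADER_RE.search(plugin_file_text)
    version = parse_version(m.group(1)) if m else None
    if version is None:
        # No readable header: verify manually, do not assume the site is safe.
        return "unknown"
    # Tuple comparison is numeric, so 3.9.x sorts below 3.19.0 as it should.
    return "affected" if version < FIXED_VERSION else "patched"


# Constructed sample headers (not copied from the plugin).
SAMPLE_OLD = """<?php
/**
 * Plugin Name: Give - Donation Plugin
 * Version: 3.18.1
 */
"""
SAMPLE_NEW = SAMPLE_OLD.replace("3.18.1", "3.19.0")

if __name__ == "__main__":
    for label, text in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW), ("none", "<?php")):
        print(label, givewp_status(text))
```

A result of "unknown" means the header could not be read and the version has to be confirmed another way.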