CVE-2024-11879 - Vulnerability Details

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53752. Reason: This candidate is a reservation duplicate of CVE-2024-53752. Notes: All CVE users should reference CVE-2024-53752 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

No reference.

History

Mon, 17 Mar 2025 06:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-79
References	https://plugins.trac.wordpress.org/browser/bin-stripe-donation/trunk/module/shortcode.php#L32 https://www.wordfence.com/threat-intel/vulnerabilities/id/3a028937-38bb-4c28-aaa1-60a86124c998?source=cve
Metrics	cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}`

Sun, 16 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Title	Stripe Donation <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 16 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description	The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stripe_donation' shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53752. Reason: This candidate is a reservation duplicate of CVE-2024-53752. Notes: All CVE users should reference CVE-2024-53752 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Mon, 16 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 14 Dec 2024 04:45:00 +0000

Type	Values Removed	Values Added
Description		The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stripe_donation' shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Title		Stripe Donation <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Weaknesses		CWE-79
References		https://plugins.trac.wordpress.org/browser/bin-stripe-donation/trunk/module/shortcode.php#L32 https://www.wordfence.com/threat-intel/vulnerabilities/id/3a028937-38bb-4c28-aaa1-60a86124c998?source=cve
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}`

MITRE

Status: REJECTED

Assigner: Wordfence

Published: 2024-12-14T04:23:40.550Z

Updated: 2025-03-16T14:46:33.264Z

Reserved: 2024-11-27T15:35:35.611Z

Link: CVE-2024-11879

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-12-14T05:15:09.257

Modified: 2025-03-16T15:15:36.407

Link: CVE-2024-11879

Redhat

No data.

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object