Untriaged
Permalink
CVE-2023-51415
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2.
References
- https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-2-… vdb-entry
- https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-2-… vdb-entry
- https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-2-… vdb-entry
- https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-2-… vdb-entry x_transferred
Affected products
give
- =<3.2.2
Matching in nixpkgs
pkgs.filegive
Easy p2p file sending program
-
nixos-unstable -
- nixpkgs-unstable 2022-05-29