WordPress GiveWP 漏洞列表

共找到 2 个与 WordPress GiveWP 相关的漏洞

📅 加载漏洞趋势中...

CVE-2021-25099: WordPress GiveWP <2.17.3 - Cross-Site Scripting POC

日期: 2025-08-01 | 影响软件: WordPress GiveWP

WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
CVE-2021-25099: WordPress GiveWP <2.17.3 - Cross-Site Scripting POC

日期: 2025-08-01 | 影响软件: WordPress GiveWP

WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.