WordPress · OpenID Connect Generic Client · CVE-2021-24214
Name of the Vulnerable Software and Affected Versions:
OpenID Connect Generic Client WordPress plugin versions 3.8.0 through 3.8.1
Description:
The plugin is affected by a reflected Cross-Site Scripting (XSS) issue. It occurs because the login error is not properly sanitised when it is output back in the login form. The issue can be exploited without authentication and with the default configuration.
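The pattern described above, shown as an added example for a WordPress plugin; it is not the plugin's own code. The query parameters `example_error_code` and `example_error_message`, the text domain and all function names are hypothetical. The first function reflects a login error into the form unescaped, and the second validates the input and escapes it for the context it is written into.

```php
<?php
// Added illustration for a WordPress plugin; not the OpenID Connect Generic
// Client source. The query parameters "example_error_code" and
// "example_error_message" and all function names are hypothetical.

// BEFORE: the request value is concatenated into the login form markup as-is,
// so any HTML in it is parsed by the browser (reflected XSS).
function example_login_error_unsafe( $message ) {
    if ( isset( $_GET['example_error_message'] ) ) {
        $message .= '<div id="login_error">' . $_GET['example_error_message'] . '</div>';
    }
    return $message;
}

// AFTER: validate on input, escape on output for the context it lands in.
function example_login_error_safe( $message ) {
    if ( ! isset( $_GET['example_error_code'], $_GET['example_error_message'] ) ) {
        return $message;
    }
    // Scalars only: ?example_error_message[]=x would otherwise arrive as an array.
    if ( ! is_string( $_GET['example_error_code'] ) || ! is_string( $_GET['example_error_message'] ) ) {
        return $message;
    }
    // wp_unslash() undoes the slashes WordPress adds to superglobals.
    $code = sanitize_key( wp_unslash( $_GET['example_error_code'] ) );
    $text = sanitize_text_field( wp_unslash( $_GET['example_error_message'] ) );

    $message .= sprintf(
        '<div id="login_error" data-code="%1$s"><strong>%2$s</strong>: %3$s</div>',
        esc_attr( $code ),                        // attribute context
        esc_html__( 'ERROR', 'example-domain' ),  // translated, escaped label
        esc_html( $text )                         // HTML text context
    );
    return $message;
}

// Register only the hardened callback on the login form's message filter.
add_filter( 'login_message', 'example_login_error_safe' );
```

Escaping at the point of output (`esc_html()`, `esc_attr()`) is what closes the reflection; the input sanitisation is defence in depth and does not replace it.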
Recommendations:
Versions 3.8.0 and 3.8.1 do not properly sanitise the login error, which leads to a reflected Cross-Site Scripting issue. Update to a version that addresses this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.