CVE-2021-24524

Name of the Vulnerable Software and Affected Versions GiveWP – Donation Plugin and Fundraising Platform versions prior to 2.12.0

Description The issue allows high privilege users to use Cross-Site Scripting payloads in the Donation Level setting of its Donation Forms due to a lack of proper escaping. This could potentially lead to security issues, but specific details about the number of affected devices or real-world incidents are not provided.

Recommendations For versions prior to 2.12.0, update to version 2.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Donation Forms for high privilege users until the update is applied.