PT-2022-13856 · WordPress · Donorbox
Hassan Khan Yusufzai
+1
·
Published
2022-04-25
·
Updated
2022-05-05
·
CVE-2022-1396
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Donorbox WordPress plugin versions prior to 7.1.7
Description
The issue is related to a Stored Cross-Site Scripting problem. It occurs because the Campaign URL settings are not properly sanitised and escaped before being outputted in an attribute. This can happen even when the unfiltered html capability is disallowed.
Recommendations
For Donorbox WordPress plugin versions prior to 7.1.7, update to version 7.1.7 or later to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Donorbox