CVE-2021-25099

Name of the Vulnerable Software and Affected Versions GiveWP WordPress plugin versions prior to 2.17.3

Description The issue concerns a Reflected Cross-Site Scripting problem. It arises because the form id parameter is not properly sanitised and escaped before being output in the response to an unauthenticated request. This request is made via the give checkout login AJAX action.

Recommendations For versions prior to 2.17.3, update to version 2.17.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the give checkout login AJAX action to prevent unauthenticated requests.