CVE-2024-11841

Name of the Vulnerable Software and Affected Versions Tithe.ly Giving Button WordPress plugin versions 1.1 and earlier

Description The issue concerns a Stored Cross-Site Scripting vulnerability. It arises because the plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations For versions 1.1 and earlier, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the shortcode attributes until a patch is available. Additionally, restrict the role of users who can embed the shortcode to minimize the risk of exploitation.