CVE-2024-12500

Name of the Vulnerable Software and Affected Versions Philantro – Donations and Donor Management plugin for WordPress versions up to, and including, 5.2

Description The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, such as "donate". This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Recommendations For versions up to, and including, 5.2, update to a version that includes a fix for this issue, as the current version allows for the injection of arbitrary web scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.