cve/CVE-2021-24570.md at b50325b7a339fb96f218f7b1a001c5a2ad067468

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well.

POC

Reference

https://wpscan.com/vulnerability/5c73754c-eebe-424a-9d3b-ca83eb53bf87

Github

https://github.com/20142995/nuclei-templates

1.1 KiB Raw Blame History

CVE-2021-24570

Description

POC

Reference

Github

1.1 KiB

Raw Blame History