CVE-2024-11607

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

21/12/2024

Last modified:

21/12/2024

Description

The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Impact

References to Advisories, Solutions, and Tools

https://wpscan.com/vulnerability/132b5193-156b-40b8-b5c7-08646e1f6866/