CVE Published: 27/02/2023 |
CVE Updated: 02/08/2024 |
CVE Year: 2023 Source: WPScan |
Vendor: Unknown |
Product: Donation Block For PayPal Status : PUBLISHED
CVE-2023-0535 Description
The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.