CVE-2024-5448 Vulnerability Details

CVE-2024-5448 Metadata Quick Info

CVE Published: 21/06/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: WPScan | Vendor: Unknown | Product: PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
Status: PUBLISHED

CVE-2024-5448 Description

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-79 Cross-Site Scripting (XSS)
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).