WordPress Paytm Payment Donation Plugin <= 2.2.0 is vulnerable to Cross-Site Scripting (XSS)
CVE-2023-28535
7.1 HIGH
What is CVE-2023-28535?
The Paytm Payment Donation Plugin, in versions up to and including 2.2.0, contains a reflected Cross-Site Scripting (XSS) vulnerability that can be exploited without authentication. It allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to data theft or unauthorized actions on behalf of those users. Proper input validation and sanitization are essential to prevent exploitation of this vulnerability.
Affected Version(s)
Paytm Payment Donation <= 2.2.0