Mollie Plugin Vulnerable to Reflected Cross-Site Scripting
CVE-2024-11684

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 28 November 2024

Summary

The Kudos Donations plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the 's' parameter, due to improper input sanitization and output escaping. An attacker can use this parameter to inject malicious scripts into web pages. The injected script runs when an unsuspecting user interacts with a manipulated link, potentially leading to session hijacking or unauthorized actions. All versions up to and including 3.2.9 are affected; update to version 3.3.0 or later to mitigate this risk.

Affected Version(s)

Kudos Donations – Easy donations and payments with Mollie * <= 3.2.9

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers