Mollie Plugin Vulnerable to Reflected Cross-Site Scripting
CVE-2024-11684
6.1 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 28 November 2024
What is CVE-2024-11684?
The Kudos Donations plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) because of improper input sanitization and output escaping. An attacker could exploit the vulnerability via the 's' parameter to inject malicious scripts into web pages. The injected script runs when an unsuspecting user interacts with a manipulated link, potentially leading to session hijacking or unauthorized actions. All versions up to and including 3.2.9 are affected; update to version 3.3.0 or later to mitigate this risk.
Affected Version(s)
Kudos Donations – Easy donations and payments with Mollie * <= 3.2.9