Stored Cross-Site Scripting Vulnerability in Tithe.ly Giving Button for WordPress
CVE-2024-11841


Key Information:

Vendor: Wordpress
CVE Published: 16 December 2024

Badges: Exploit Exists, Public PoC

What is CVE-2024-11841?

CVE-2024-11841 is a stored cross-site scripting (XSS) vulnerability in the Tithe.ly Giving Button WordPress plugin, affecting all versions up to and including 1.1. The plugin does not adequately validate or escape user-supplied shortcode attributes before writing them into the page's HTML. Because WordPress stores shortcode attributes as plain post text and only renders them when the page is viewed, the kses filtering that normally strips HTML from posts by users without the unfiltered_html capability does not apply; the plugin's own output escaping is the only control. As a result, an authenticated user with Contributor-level permissions or higher can embed a shortcode with malicious attribute values in a post or page, and the injected script executes in the browser of every user who views that page, including administrators. The consequences include session hijacking, theft of data visible to the victim, and actions performed with the victim's privileges, such as creating administrator accounts or modifying site content.
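The following is an added illustration of the defect class described above; it is not the Tithe.ly plugin's code, and the shortcode name, attribute names and function names are hypothetical. It shows a shortcode handler that interpolates attribute values straight into HTML beside a hardened version that uses the WordPress escaping functions (esc_url, esc_attr, esc_html), which exist in WordPress core and are assumed to be loaded:

```php
<?php
/**
 * Added example, not from the Tithe.ly Giving Button plugin.
 * Hypothetical shortcode: [example_giving_button url="..." label="..." color="..."]
 * Assumes WordPress core is loaded (shortcode_atts, esc_url, esc_attr, esc_html, add_shortcode).
 */

// VULNERABLE: attribute values are concatenated into markup unescaped.
// A Contributor can save a post containing
//   [example_giving_button url="javascript:alert(document.cookie)" label="Give"]
// or
//   [example_giving_button label='x" onmouseover="alert(1)' url="https://example.com/"]
// kses does not touch shortcode attributes on save, so this handler is the only
// place the payload could be neutralized, and it does nothing.
function example_giving_button_vulnerable( $atts ) {
	$atts = shortcode_atts(
		array( 'url' => '', 'label' => 'Give', 'color' => '#0d6efd' ),
		$atts,
		'example_giving_button'
	);

	return '<a href="' . $atts['url'] . '"'
		. ' style="background:' . $atts['color'] . '"'
		. ' class="giving-button">' . $atts['label'] . '</a>';
}

// HARDENED: every attribute is escaped for the exact context it lands in.
function example_giving_button_safe( $atts ) {
	$atts = shortcode_atts(
		array( 'url' => '', 'label' => 'Give', 'color' => '#0d6efd' ),
		$atts,
		'example_giving_button'
	);

	// esc_url() rejects disallowed schemes such as javascript: and returns '' for them,
	// so the javascript: payload above yields no link at all.
	$url = esc_url( $atts['url'] );
	if ( '' === $url ) {
		return '';
	}

	// Validate free-form CSS input against an allow-list instead of escaping it:
	// only a hex colour is accepted, otherwise the default is used.
	$color = preg_match( '/^#[0-9a-fA-F]{3,6}$/', $atts['color'] ) ? $atts['color'] : '#0d6efd';

	// esc_attr() for attribute values, esc_html() for text content; the
	// onmouseover payload above becomes inert text inside the anchor.
	return sprintf(
		'<a href="%s" style="background:%s" class="giving-button">%s</a>',
		$url,
		esc_attr( $color ),
		esc_html( $atts['label'] )
	);
}

add_shortcode( 'example_giving_button', 'example_giving_button_safe' );
```

When reviewing a plugin for this class of bug, grep each add_shortcode() callback for attribute values that reach the return string without passing through esc_url(), esc_attr(), esc_html() or wp_kses(); anything rendered into a URL, an attribute or inline CSS needs the escaping function for that specific context, and a generic sanitize_text_field() on save is not a substitute for escaping on output.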


Affected Version(s)

Tithe.ly Giving Button, all versions up to and including 1.1

Exploit Proof of Concept (PoC)

Proof-of-concept (PoC) code is written by security researchers to demonstrate that a vulnerability can actually be exploited. Once a PoC is public it also lowers the cost of weaponization: attackers routinely adapt published PoCs into mass-exploitation tooling, and compromised WordPress sites are a common foothold for malware distribution and ransomware campaigns.


Timeline

  • Public PoC available
  • Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved

Credit

Bob Matyas (WPScan)