Stored Cross-Site Scripting Vulnerability in WP Church Donation Plugin by WordPress
CVE-2024-13690
7.2HIGH
What is CVE-2024-13690?
The WP Church Donation plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability caused by inadequate input sanitization in donation form submission parameters. As a result, unauthenticated attackers can exploit this weakness to inject malicious web scripts. These scripts can run on affected pages, potentially harming users by executing unwanted actions when they load the compromised pages.
Affected Version(s)
WP Church Donation * <= 1.7