Reflected XSS Vulnerability in Doneren met Mollie
CVE-2024-29767

7.1HIGH

Key Information:

Vendor: WordPress
Status: Doneren Met Mollie
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-29767?

The vulnerability allows malicious actors to exploit improper input neutralization during web page generation within the Doneren met Mollie plugin developed by Wobbie.Nl. This results in reflected Cross-site Scripting (XSS), enabling attackers to inject arbitrary scripts into web pages viewed by users. Any visitor utilizing affected versions from n/a through 2.10.2 may become a target for this type of attack, which can lead to unauthorized actions taken on behalf of the user or data theft. It is essential for users of the plugin to upgrade to a secure version to mitigate these risks.

Affected Version(s)

Doneren met Mollie <= 2.10.2

References

https://patchstack.com/database/vulnerability/doneren-met...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Mar 19, 2024

Credit

Dimas Maulana (Patchstack Alliance)