{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T06:15:34.714","vulnerabilities":[{"cve":{"id":"CVE-2021-24315","sourceIdentifier":"contact@wpscan.com","published":"2021-05-17T17:15:08.357","lastModified":"2024-11-21T05:52:49.657","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues."},{"lang":"es","value":"El plugin de WordPress GiveWP – Donation Plugin and Fundraising Platform versiones anteriores a 2.10.4, no sanea ni escapa del campo Background Image de su Stripe Checkout Setting y el campo Logo en su configuración de correo electrónico, conllevando a problemas de tipo Cross-Site Scripting almacenado y no autenticado (admin+)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"contact@wpscan.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.10.4","matchCriteriaId":"44B45D72-1B30-489F-9456-2AEEE016D6DB"}]}]}],"references":[{"url":"https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}