CVE-2024-11841

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 16, 2024

Summary

CVE-2024-11841 is a stored cross-site scripting (XSS) vulnerability affecting the Tithe.ly Giving Button WordPress plugin before version 1.1. The plugin does not properly validate and escape shortcode attributes, allowing users with contributor role and above to inject malicious scripts into webpages where the shortcode is embedded. Successful exploitation could result in unintended execution of malicious code in users' browsers. This vulnerability poses a significant risk and requires immediate attention and patching from WordPress site administrators using the affected plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/081i0k
https://www.cve.org/CVERecord?id=CVE-2024-11841
https://nvd.nist.gov/vuln/detail/CVE-2024-11841

Back to Vulnerability Database

CVE-2024-11841

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations