WordPress Plugin Give – Stored XSS for Donors
Give is a WordPress plugin that allows users to set up a donation page on a website. It currently has 60k installs.
During a recent audit of the plugin, we found a severe vulnerability which allows donors to inject arbitrary code on an administrative page.
If you are using a version lower than 2.4.7, you should update immediately.
Note: A forced update was pushed by the developers, and all affected users should now be patched and protected against this vulnerability.
Continue reading WordPress Plugin Give – Stored XSS for Donors at Sucuri Blog.