Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Sat, 17 May 2025 02:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jordangillman
Jordangillman tithe.ly Giving Button |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:jordangillman:tithe.ly_giving_button:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Jordangillman
Jordangillman tithe.ly Giving Button |
Mon, 16 Dec 2024 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 16 Dec 2024 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |
| Title | Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-12-16T16:46:49.173Z
Reserved: 2024-11-26T20:01:46.876Z
Link: CVE-2024-11841
Updated: 2024-12-16T16:46:36.436Z
Status : Analyzed
Published: 2024-12-16T06:15:05.967
Modified: 2026-06-17T06:58:33.790
Link: CVE-2024-11841
No data.
OpenCVE Enrichment
No data.