Description
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Published: 2024-12-16
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0003}

epss

{'score': 0.00033}


Sat, 17 May 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Jordangillman
Jordangillman tithe.ly Giving Button
Weaknesses CWE-79
CPEs cpe:2.3:a:jordangillman:tithe.ly_giving_button:*:*:*:*:*:wordpress:*:*
Vendors & Products Jordangillman
Jordangillman tithe.ly Giving Button

Mon, 16 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Dec 2024 06:15:00 +0000

Type Values Removed Values Added
Description The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Title Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode
References

Subscriptions

Jordangillman Tithe.ly Giving Button
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2024-12-16T16:46:49.173Z

Reserved: 2024-11-26T20:01:46.876Z

Link: CVE-2024-11841

cve-icon Vulnrichment

Updated: 2024-12-16T16:46:36.436Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-16T06:15:05.967

Modified: 2026-06-17T06:58:33.790

Link: CVE-2024-11841

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses