CVE-2024-11921 – Give < 3.19.0 - Reflected XSS

https://notcve.org/view.php?id=CVE-2024-11921

06 Dec 2024 — The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. El complemento GiveWP para WordPress anterior a la versión 3.19.0 no desinfecta ni escapa un parámetro antes de mostrarlo nuevamente en la página, lo que genera un error de Cross-Site Scripting reflejado que podría usarse contra usuarios con privilegios elevados, como el administra... • https://packetstorm.news/files/id/183282 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •