CVE-2021-24524

CVE-2021-24524: GiveWP < 2.12.0 - Authenticated Stored XSS

Vendor Unknown

Product GiveWP – Donation Plugin and Fundraising Platform

Weakness CWE-79 · XSS

Published August 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.

Key dates

02Disclosure timeline

August 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24524

Related vulnerabilities

04Related CVE

CVE-2024-54049 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) CVE-2025-14449 BA Book Everything <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode CVE-2025-14626 QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes CVE-2021-24953 Advanced iFrame < 2022 - Reflected Cross-Site Scripting CVE-2026-5015 elecV2 elecV2P Endpoint logs cross site scripting