CVE-2024-13728 MEDIUM

CVE-2024-13728: Accept Donations with PayPal & Stripe <= 1.4.4 - Reflected Cross-Site Scripting

Vendor Scottpaterson
Product Accept Donations with PayPal & Stripe
Weakness CWE-79 · XSS
Published February 23, 2025
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Key dates

02Disclosure timeline

February 23, 2025 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-23585 WordPress Goo.gl Url Shorter plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-29758 WordPress Co-marquage service-public.fr plugin <= 0.5.72 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-52794 Magnific lightbox susceptible to Cross-site Scripting in Discourse CVE-2025-62780 changedetection.io vulnerable to stored XSS in Watch update via API CVE-2023-33997 WordPress bbp style pack Plugin <= 5.5.5 is vulnerable to Cross Site Scripting (XSS)