How severe is CVE-2024-11607?

CVE-2024-11607 has a CVSS v3 score of 6.1 (MEDIUM).

CVE-2024-11607

Name: gtpayment_donations
Author: harryhe

6.1MEDIUM

The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add

Published: 12/21/2024Updated: 5/14/2025

Description

The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

AI AnalysisPowered by AI

Affected Products

harryhegtpayment_donations

References

https://wpscan.com/vulnerability/132b5193-156b-40b8-b5c7-08646e1f6866/
ExploitThird Party Advisory