CNNVD-202511-1275 Information
CNNVD ID
CNNVD-202511-1275
Related CVE
- CNNVD Published: 2025-11-11
Description (Chinese)
WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。Woocommerce是其中的一个电子商务插件。uninstall是使用在其中一个用于完全卸载WordPress的插件。redirection是使用在其中的一个重定向管理插件。Press是一个运行 Frappe Cloud 的 Frappe 自定义应用程序。para是一个多租户后端服务器,用于快速构建web和移动应用程序。 WordPress plugin Paypal Donation Shortcode 0.1及之前版本存在跨站脚本漏洞,该漏洞源于未正确清理用户输入和输出title和text参数,可能导致存储型跨站脚本攻击。
Description (English)
WordPress is a blog platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL-based servers. Woocommerce is one of the e-commerce plugins. Uninstall is used in one of the plugins used to completely unload WordPress. Redirection is one of its redirected management plugins. Press is a Frappe custom application to run Frappe Cloud. Para is a multi-tenant back-end server for quick construction of web and mobile applications. WordPress pugin paypal Donation Shortcode 0.1 and previous versions had a cross-site script loophole, which originated from an incorrect clean-up of user input and output bitle and text parameters and could result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
WordPress
Published
2025-11-11
Last Modified
2026-02-24
References
https://plugins.trac.wordpress.org/browser/paypal-donation-shortcode/tags/0.1/paypal-donation-shortcode.php#L23 https://www.wordfence.com/threat-intel/vulnerabilities/id/b66ab7c4-7963-424f-afec-0e52b987c6b3?source=cve
Share on: