cleantalk

Vulnerabilities and Security Researches

Security report for CVE MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet > CVE-2024-13391

CVE, Research URL

CVE-2024-13391

Home page URL

Security reports for MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet

Application

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet

Published on
Jan 18, 2025
Research Description
The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_content_upload_guest' shortcode in all versions up to, and including, 2.9.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.9.30.
Status
vulnerable
Previous vulnerability researches
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet (CVE-2024-13391) , Jan 19, 2025
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet (CVE-2022-27629) , Jun 07, 2024
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2015-5532) , Jun 06, 2024
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2021-25114) , Jun 06, 2024
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2020-5579) , Jun 06, 2024
New vulnerability
Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time (CVE-2024-13841) , Feb 09, 2025
LikeBot – Decentralized like-system (CVE-2025-0522) , Feb 09, 2025
BookPress – For Book Authors (CVE-2025-25167) , Feb 09, 2025
Music Sheet Viewer (CVE-2025-25155) , Feb 09, 2025
Listings for Appfolio (CVE-2025-22658) , Feb 07, 2025