WordPress Exquisite PayPal Donation Plugin <= v2.0.0 is vulnerable to Cross Site Scripting (XSS)
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
Stored XSS in admin panels of Exquisite PayPal Donation plugin ≤ v2.0.0 allows attackers to inject malicious scripts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Exquisite PayPal Donation plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability in versions up to and including v2.0.0. The issue requires authenticated access with administrator-level privileges to exploit. The vulnerable code path allows injection of arbitrary JavaScript that persists on the server and executes in the context of other admin users' browsers.
Exploitation
An attacker needs valid WordPress administrator credentials to access the plugin's settings pages where input fields are not properly sanitized. The attack involves saving a crafted payload into a plugin configuration field. No additional user interaction is required beyond the administrator saving the malicious input.
Impact
Successful exploitation enables the attacker to execute arbitrary JavaScript in the browsers of other administrators who visit the affected plugin pages. This can lead to session hijacking, defacement, or further privilege escalation within the WordPress admin dashboard. The attack achieves information disclosure and unauthorized actions at the admin level.
Mitigation
As of March 28, 2023, the plugin has been closed and removed from the WordPress.org plugin directory due to a security issue. No patched version has been released. Users who have this plugin installed should immediately uninstall it. There is no known workaround other than removing the plugin entirely. The plugin is considered end-of-life and should not be used. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
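Since removal is the only mitigation, the first task on a shared host is finding every copy of the plugin. The shell function below is an added example, not code from the advisory or the plugin; it assumes the standard `wp-content/plugins/<slug>` layout and uses the slug `exquisite-paypal-donation` shown on this page, with the search root passed as an argument.

```shell
#!/bin/sh
# Added example: locate copies of the removed plugin under a directory tree.
# SLUG is taken from the advisory; the directory layout is the WordPress default.
SLUG="exquisite-paypal-donation"

# Print "<plugin dir><TAB><version>" for each copy of the plugin under $1.
find_affected_installs() {
    find "$1" -type d -path "*/wp-content/plugins/$SLUG" 2>/dev/null |
    while IFS= read -r plugin_dir; do
        # WordPress takes the version from a "Version:" header comment in
        # one of the plugin's top-level PHP files.
        plugin_ver=$(grep -h -i -m1 -E '^[[:space:]*#/]*Version:' \
                         "$plugin_dir"/*.php 2>/dev/null |
                     head -n1 |
                     sed -E 's/^.*[Vv]ersion:[[:space:]]*//; s/[[:space:]]+$//')
        printf '%s\t%s\n' "$plugin_dir" "${plugin_ver:-unknown}"
    done
}

# When a search root is given on the command line, scan it.
if [ "$#" -gt 0 ]; then
    find_affected_installs "$1"
fi
```

Every path reported is in scope for removal, because no fixed release exists; the version column is only for the record.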
Affected products
- (no CPE) range: <=2.0.0
- (no CPE) range: n/a
Patches
exquisite-paypal-donation: This plugin has been removed from the WordPress.org directory on 2023-03-28 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.
Source: api.wordpress.org · directory page
References