The vulnerability CVE-2024-53776 affects the Donate Me plugin by raphaelheide, allowing CSRF attacks that can result in stored XSS. The affected versions include all versions up to 1.2.5. The CVSS 3.1 base score is 7.1, indicating high severity, with attack vector network, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability rated as low to low to low respectively. No patch or mitigation details are currently available from the vendor or other sources.

An attacker can exploit this vulnerability remotely to trick an authenticated user into submitting a forged request, which may lead to stored XSS. This can compromise user data confidentiality, integrity, and availability to a limited extent. The vulnerability affects all users of the Donate Me plugin up to version 1.2.5, potentially allowing attackers to execute malicious scripts in the context of the affected application.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or limiting the use of the Donate Me plugin or implementing additional CSRF protections at the application or web server level. Monitor vendor channels for updates and apply patches promptly once available.