PRIOn knowledge base: PRION:CVE-2022-4004
History: Dec 12, 2022 - 6:15 p.m.

Design/Logic Flaw

2022-12-12 18:15:00
PRIOn knowledge base
www.prio-n.com
wordpress
donation button
logic flaw
twilio
sms
security issue

AI Score: 4.8 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 23.5%)

The Donation Button WordPress plugin through 4.0.0 does not properly check privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any user with an account on the affected site, such as a subscriber, to use the plugin's Twilio integration to send SMS messages to arbitrary phone numbers.

CPE Name           Operator    Version
donation_button    le          4.0.0
