Lucene search
K

838 matches found

Nuclei
Nuclei
added 12 hours ago75 views

WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection

WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/o...

7.2CVSS7AI score0.0654EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago153 views

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

10CVSS7.1AI score0.74283EPSS
Exploits11References7
Nuclei
Nuclei
added 12 hours ago77 views

WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection

WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify...

9.8CVSS7.1AI score0.07879EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday30 views

GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...

10CVSS7.3AI score0.28931EPSS
Exploits3References4
NVD
NVD
added 6 days ago9 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS0.00257EPSS
Exploits0References5
OSV
OSV
added 6 days ago3 views

CVE-2026-59817 Ghost: Paid gift memberships obtainable at minimal cost via the donations feature

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS6AI score0.00257EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-59817 Ghost: Paid gift memberships obtainable at minimal cost via the donations feature

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS0.00257EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References6Affected Software1
CVE
CVE
added 6 days ago13 views

CVE-2026-59817

Ghost is a Node.js content management system. Affects versions from 6.27.0 up to but not including 6.44.0; the public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment, without exposing cust...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References5
NVD
NVD
added 6 days ago7 views

CVE-2026-7558

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handleexporttable function being registered on the WordPress 'init' hook, which fires for all requests, including...

5.3CVSS0.00262EPSS
Exploits0References8
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42524

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handleexporttable function being registered on the WordPress 'init' hook, which fires for all requests, including...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References8
CVE
CVE
added 6 days ago8 views

CVE-2026-7558

CVE-2026-7558 affects the WordPress plugin Age Verification & Identity Verification by Token of Trust (

5.3CVSS5.8AI score0.00262EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-7558

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handleexporttable function being registered on the WordPress 'init' hook, which fires for all requests, including...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References9
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-7558 Age Verification & Identity Verification by Token of Trust <= 4.0.2 - Missing Authorization to Unauthenticated Information Exposure via 'tot_export_table' Parameter

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handleexporttable function being registered on the WordPress 'init' hook, which fires for all requests, including...

5.3CVSS0.00262EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 5:16 a.m.9 views

CVE-2026-11981

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation on the givesetnotificationstatushandler function. This makes it possible for unauthenticated attackers to disable donation email notificatio...

4.3CVSS0.00154EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/01 4:32 a.m.38 views

CVE-2026-11981 GiveWP <= 4.15.3 - Cross-Site Request Forgery

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation on the givesetnotificationstatushandler function. This makes it possible for unauthenticated attackers to disable donation email notificatio...

4.3CVSS0.00154EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 4:32 a.m.7 views

EUVD-2026-40905

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation on the givesetnotificationstatushandler function. This makes it possible for unauthenticated attackers to disable donation email notificatio...

4.3CVSS5.6AI score0.00154EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 3:43 a.m.9 views

EUVD-2026-40888

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References12
Patchstack
Patchstack
added 2026/06/30 4:29 p.m.6 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.15.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by javitoia in WordPress Plugin GiveWP versions = 4.15.3...

4.3CVSS5.8AI score0.00154EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2025-210354

Unauthenticated Broken Access Control in Donation Thermometer = 2.2.7 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References2
Rows per page
Query Builder