21 matches found
CVE-2026-1573
The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's omigodonatebutton shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1380
The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...
EUVD-2022-51385
Malicious code in bioql PyPI...
EUVD-2022-51386
Malicious code in bioql PyPI...
CVE-2022-4004
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...
WordPress plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin PayPal Pay Now, Buy Now, Donation...
CVE-2022-4005
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2022-4005
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2022-4004
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...
Design/Logic Flaw
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...
Cross site scripting
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2022-4004 Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...
CVE-2022-4004
Affected software: Donation Button WordPress plugin, versions through 4.0.0. Vulnerability: the AJAX action donation_button_twilio_send_test_sms does not properly enforce privileges or nonce checks. Impact: any logged-in user on the site (e.g., subscribers) could use the plugin’s Twilio integrati...
CVE-2022-4005 Donation Button <= 4.0.0 - Contributor+ Stored XSS
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2022-4005
The CVE-2022-4005 entry concerns the Donation Button WordPress plugin (pre-4.0.1/4.0.0) where insufficient sanitization and escaping of certain parameters allows stored XSS by users with a role as low as Contributor. Affected code paths involve parameter handling in the plugin, enabling XSS paylo...
CVE-2022-4005 Donation Button <= 4.0.0 - Contributor+ Stored XSS
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
PT-2022-25172 · Twilio · Twilio
Name of the Vulnerable Software and Affected Versions: Donation Button WordPress plugin versions through 4.0.0 Description: The issue concerns a lack of proper privilege and nonce token checks in the donation button twilio send test sms AJAX action. This may allow users with an account on the...
PT-2022-25177 · WordPress · Donation Button Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Donation Button WordPress plugin versions prior to 4.0.1 Description: The issue allows users with a role as low as Contributor to perform Cross-Site Scripting attacks due to the plugin's failure to sanitize and escape some parameters...
WordPress plugin Donation Button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Donation Button security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...