42 matches found
Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update
Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...
CVE-2026-28115
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Blind SQL Injection. This issue affects WP Attractive Donations System - Easy Stripe & Paypa...
WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'update_profile_preference' vulnerability
Missing Authorization in 'update_profile_preference' vulnerability discovered by WordFence in WordPress Plugin Paytium versions <= 4.3.7...
WordPress Kudos Donations plugin <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg' vulnerability
Reflected Cross-Site Scripting via 'add_query_arg' vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Kudos Donations versions <= 3.2.9...
WordPress Accept Donations with PayPal plugin <= 1.5.2 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Legion Hunter in WordPress Plugin Accept Donations with PayPal & Stripe versions <= 1.5.2...
CVE-2025-58999
The CVE affects WordPress plugin WP Attractive Donations System - Easy Stripe & Paypal donations (versions up to 1.25). Root cause: lack of CSRF protection in the plugin, enabling Cross-Site Request Forgery. Impact per sources: unauthorized actions on behalf of authenticated users, as described b...
CVE-2025-58999 WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Cross Site Request Forgery. This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25...
EUVD-2019-16261
Malware in sbrugna...
EUVD-2023-36846
Malicious code in bioql PyPI...
EUVD-2022-33771
Malicious code in bioql PyPI...
EUVD-2022-15834
Malicious code in bioql PyPI...
CVE-2025-58956
CVE-2025-58956 is a CSRF-induced Stored XSS in the WordPress plugin WP Attractive Donations System (WP Attractive Donations System – easy stripe/paypal donations). The Vulnerability Type is Cross-Site Request Forgery enabling Stored XSS. CVSS base score is 7.1 (3.1-era metrics: AV:N/AC:L/PR:N/UI:...
CVE-2024-11685
The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attacker...
CVE-2023-40664
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions...
CVE-2022-1610
The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2019-15772
The nd-donations plugin before 1.4 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
PT-2025-7654 · WordPress · Accept Donations With Paypal & Stripe
Name of the Vulnerable Software and Affected Versions: Accept Donations with PayPal & Stripe plugin for WordPress versions up to, and including, 1.4.4. Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing...
WordPress plugin Kudos Donations cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...