18 matches found
Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...
EUVD-2019-16261
Malware in sbrugna...
CVE-2025-43837
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations total-donations allows Reflected XSS. This issue affects Total Donations: from n/a through <= 3.0.8...
CVE-2025-43837
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations total-donations allows Reflected XSS. This issue affects Total Donations: from n/a through <= 3.0.8...
CVE-2025-43837 WordPress Total Donations <= 3.0.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations allows Reflected XSS. This issue affects Total Donations: from n/a through 3.0.8...
CVE-2025-43837 WordPress Total Donations <= 3.0.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations total-donations allows Reflected XSS. This issue affects Total Donations: from n/a through <= 3.0.8...
CVE-2025-43837
CVE-2025-43837 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin WordPress Total Donations, reported for versions 3.0.8 and earlier. The issue stems from improper neutralization of input during web page generation, enabling a reflected XSS attack. Publicly documented impact in...
WordPress plugin Total Donations cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2025-22061 · Unknown · Binti76 Total Donations
Name of the Vulnerable Software and Affected Versions: binti76 Total Donations versions 3.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers ...
WordPress Total Donations <= 3.0.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin Total Donations (versions <= 3.0.8)...
Total Donations Plugin for WordPress < 2.0.6 Arbitrary Options Update
The WordPress Total Donations Plugin installed on the remote host is affected by an Arbitrary Options Update. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
This Week in Security News: Hacker Strategies and Spyware Attacks
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how hackers are improving their breach strategies. Also, learn about new spyware attacks via URLs, websites, and mobile apps. Re...
WordPress Users Urged to Delete Zero-Day-Ridden Plugin
Researchers are urging WordPress site owners to delete a compromised plugin after multiple zero-day vulnerabilities were discovered being exploited by a malicious actor. Researchers at Wordfence said on Friday that flaws in the plugin, Total Donations, are being exploited by malicious actors to...
Improper access control
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...
CVE-2019-6703
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...
CVE-2019-6703
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...
CVE-2019-6703
CVE-2019-6703 affects the Total Donations WordPress plugin (up to 2.0.5/2.0.6) via an incorrect access control in migla_ajax_functions.php. This flaw allows unauthenticated attackers to call miglaA_update_me through wp-admin/admin-ajax.php and modify arbitrary WordPress option values, enabling ac...
Total Donations - Update Arbitrary WordPress Option Values
The Total Donations WordPress plugin was affected by an Update Arbitrary WordPress Option Values security vulnerability...