2 matches found
WordPress Donation plugin <= 1.0 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by Yousof Nahya in WordPress Plugin Donation versions = 1.0...
CVE-2025-13001
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks...