EUVD-2026-26755

The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donateactionstatus AJAX handler, which is registered to be accessible to unauthenticated users vi...

CVE-2026-39691

The CVE-2026-39691 entry concerns the WordPress plugin “Cryptocurrency Donation Box – Bitcoin & Crypto Donations” (affected: versions up to and including 2.2.13). Description: a Missing Authorization vulnerability arising from incorrectly configured access control security levels, enabling exploi...

PT-2026-23388

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP AttractiveDonationsSystem allows Blind SQL Injection.This issue affects WP Attractive Donations System - Easy Stripe & Payp...

EUVD-2025-203616

Cross-Site Request Forgery CSRF vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through = 1.25...

WordPress Donation SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Donation suffers from a SQL injection vulnerability that stems from insufficient cleanup and escaping, no details of the vulnerability are provided at this time...

CVE-2025-67550 WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through = 2.2.6...

CVE-2025-67550 WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through = 2.2.6...

CVE-2025-13625 WP-SOS-Donate Donation Sidebar Plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

CVE-2025-13001

The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks...

WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Donation Thermometer versions = 2.2.6...

PT-2025-47446

Name of the Vulnerable Software and Affected Versions GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.13.1 Description The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input...

CVE-2025-11893

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donationids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2025-5275

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficient input sanitization and output escaping...

CVE-2022-4005

The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

WordPress Donation Block For PayPal Plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin Donation Block For PayPal versions = 2.2.0...

WordPress Donation Block For PayPal Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Donation Block For PayPal Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6021 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 49c1f9f09af2 Credits Bob Matyas...

WordPress Donation Platform for WooCommerce: Fundraising & Donation Management Plugin < 1.2.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Donation Platform for WooCommerce: Fundraising & Donation Management Type Plugin Vulnerable versions 1.2.10 Fixed in 1.2.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSI...

WordPress plugin Donation Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Donation Thermometer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. cross-site scripting vulnerability exists in versions prior to WordPress Donation Thermometer 2.1.3. The...

CVE-2021-24531

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...