11 matches found
CVE-2026-3177
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...
PT-2026-30800
Name of the Vulnerable Software and Affected Versions: The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions through 1.8.9.7. Description: The Charitable – Donation Plugin for WordPress is affected by a flaw due to missing cryptographic verification of...
CVE-2026-28115
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Blind SQL Injection. This issue affects WP Attractive Donations System - Easy Stripe & Paypa...
CVE-2025-58999
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Cross Site Request Forgery. This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25...
CVE-2025-58999
The CVE affects WordPress plugin WP Attractive Donations System - Easy Stripe & Paypal donations (versions up to 1.25). Root cause: lack of CSRF protection in the plugin, enabling Cross-Site Request Forgery. Impact per sources: unauthorized actions on behalf of authenticated users, as described b...
CVE-2025-0912
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'cardaddress' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Donations Made Easy – Smart Donations | Type: Plugin | Vulnerable versions: <= 4.0.12 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-47551 | Patch priority: Low | CVSS severity: Low (5.4) | Developer: Claim ownership | PSID: b70e50fa19bd | Credit...
WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)
Software: Donations Made Easy – Smart Donations | Type: Plugin | Vulnerable versions: <= 4.0.12 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-40664 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: f2b34d09c3af...
WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to SQL Injection
Software: Donations Made Easy – Smart Donations | Type: Plugin | Vulnerable versions: <= 4.0.12 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-40207 | Patch priority: Low | CVSS severity: Low (7.6) | Developer: Claim ownership | PSID: d59e4bac0935 | Credits: minhtuanact | Required privile...
WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)
Software: Donations Made Easy – Smart Donations | Type: Plugin | Vulnerable versions: <= 4.0.12 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-32603 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: a8415256cc6f...
WordPress plugin Donations Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports hosting personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress...