15 matches found
CVE-2026-7619
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-3177
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...
CVE-2025-11893 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donation_ids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...
PT-2025-43722
Name of the Vulnerable Software and Affected Versions: The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions prior to 1.8.8.5. Description: The Charitable – Donation Plugin for WordPress is susceptible to SQL Injection via the donation ids parameter...
EUVD-2021-11443
Malware in sbrugna...
CVE-2025-5275
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficient input sanitization and output escaping...
CVE-2024-10876
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. Thi...
CVE-2024-10876
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. Thi...
CVE-2024-10876 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. Thi...
CVE-2021-24531
The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...
Cross site scripting
The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...
CVE-2021-24531 Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the Wordpress...
Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting
While fixing an Authenticated Stored Cross-Site Scripting issue https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f, the vendor identified another Cross-Site Scripting issue, which could be exploited by unauthenticated users and would be triggered in the context of a logged in...
Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. PoC: 1. Go to /wp-admin/edit.php?post_type=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be...