Lucene search
K

85 matches found

Patchstack
Patchstack
added 2024/07/04 12:0 a.m.13 views

WordPress Charitable Plugin <= 1.8.1.7 is vulnerable to Broken Access Control

Software Charitable Type Plugin Vulnerable versions = 1.8.1.7 Fixed in 1.8.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37506 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4942d8e7ca80 Credits Manab Jyoti Dowarah Required...

5.3CVSS6.3AI score0.00371EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/04 12:0 a.m.10 views

WordPress Charitable Plugin <= 1.8.1.7 is vulnerable to Broken Access Control

Software Charitable Type Plugin Vulnerable versions = 1.8.1.7 Fixed in 1.8.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37510 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a9ef1ac55d95 Credits Dhabaleshwar Das Require...

6.5CVSS6.3AI score0.00443EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/22 11:15 p.m.3 views

CVE-2023-47816

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.13 versions...

5.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2023/11/22 10:57 p.m.74 views

CVE-2023-47816

CVE-2023-47816 affects the WordPress Charitable plugin called Charitable Donations & Fundraising Team Donation Forms. Vulnerable in versions

6.5CVSS5.8AI score0.00441EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/22 10:57 p.m.12 views

CVE-2023-47816 WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.13 versions...

6.5CVSS6.9AI score0.00441EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/11/22 10:57 p.m.23 views

CVE-2023-47816 WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.13 versions...

6.5CVSS6.7AI score0.00441EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.4 views

PT-2023-30626 · Charitable · Charitable Donations & Fundraising Team Donation Forms

Name of the Vulnerable Software and Affected Versions: Charitable Donations & Fundraising Team Donation Forms by Charitable plugin versions = 1.7.0.13 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting...

6.5CVSS5.3AI score0.00441EPSS
Exploits1References3
Patchstack
Patchstack
added 2023/11/15 12:0 a.m.14 views

WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS)

Software Charitable Type Plugin Vulnerable versions = 1.7.0.13 Fixed in 1.7.0.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47816 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00dfa7559152 Credits Ngô Thiên An ancorn from VNPT-VCI...

6.5CVSS6.6AI score0.00441EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/08/23 1:58 a.m.39 views

CVE-2023-4404 Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...

9.8CVSS9.7AI score0.00765EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/08/23 1:58 a.m.10 views

CVE-2023-4404 Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...

9.8CVSS7.2AI score0.00765EPSS
Exploits1References2
Wordfence Blog
Wordfence Blog
added 2023/08/22 1:35 p.m.37 views

Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites

On August 10, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in the Donation Forms by Charitable plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it...

7.5CVSS7.6AI score0.00765EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/08/22 12:0 a.m.361 views

WordPress Charitable Donations Plugin And Fundraising Platform 1.7.0.12 Privilege Escalation

Description: Donation Forms by Charitable = 1.7.0.12 – Unauthenticated Privilege Escalation Affected Plugin: Charitable – Donations Plugin & Fundraising Platform for WordPress Plugin Slug: charitable Affected Versions: = 1.7.0.12 CVE ID: CVE-2023-4404 CVSS Score: 9.8 Critical CVSS...

7.1AI score0.00765EPSS
Exploits1
Patchstack
Patchstack
added 2023/08/22 12:0 a.m.20 views

WordPress Charitable Plugin <= 1.7.0.12 is vulnerable to Privilege Escalation

Software Charitable Type Plugin Vulnerable versions = 1.7.0.12 Fixed in 1.7.0.13 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2023-4404 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 52fac3028e4c Credits István Márton Required privilege...

9.8CVSS6.7AI score0.00765EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/05/10 11:15 a.m.2 views

CVE-2022-47441

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.10 versions...

6.1CVSS5.8AI score0.00382EPSS
Exploits0References1
NVD
NVD
added 2023/05/10 11:15 a.m.20 views

CVE-2022-47441

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.10 versions...

7.1CVSS6.2AI score0.00382EPSS
Exploits0References1
Prion
Prion
added 2023/05/10 11:15 a.m.13 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.10 versions...

5.8CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/10 10:10 a.m.40 views

CVE-2022-47441

CVE-2022-47441 affects the WordPress plugin Charitable Donations & Fundraising Team Donation Forms by Charitable, versions

7.1CVSS6.1AI score0.00382EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/10 10:10 a.m.28 views

CVE-2022-47441 WordPress Charitable Plugin <= 1.7.0.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.10 versions...

7.1CVSS6.3AI score0.00382EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/04/19 12:0 a.m.7 views

WordPress Charitable Plugin <= 1.7.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Charitable Type Plugin Vulnerable versions = 1.7.0.10 Fixed in 1.7.0.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47441 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 92fc43f8ba32 Credits Team WeBoB...

7.1CVSS5.9AI score0.00382EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/08/23 12:15 p.m.3 views

CVE-2021-24531

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...

5.4CVSS5.7AI score0.00576EPSS
Exploits1References2
Rows per page
Query Builder