WordPress Charitable plugin <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability
Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Charitable versions <= 1.8.1.14...
WordPress Charitable Plugin <= 1.8.1.14 is vulnerable to Privilege Escalation
Software Charitable Type Plugin Vulnerable versions <= 1.8.1.14 Fixed in 1.8.1.15 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8791 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04c66e8c147c Credits wesley...
PT-2024-39255 · WordPress · Donation Forms By Charitable
Name of the Vulnerable Software and Affected Versions: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress versions up to, and including, 1.8.1.14 Description: The issue is due to the plugin not properly verifying a user's identity when the ID parameter is supplie...
WordPress plugin Donation Forms by Charitable Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A security vulnerability...
WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Charitable versions <= 1.8.1.7...
WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Charitable versions <= 1.8.1.7...
WordPress Charitable Plugin <= 1.8.1.7 is vulnerable to Broken Access Control
Software Charitable Type Plugin Vulnerable versions <= 1.8.1.7 Fixed in 1.8.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37506 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4942d8e7ca80 Credits Manab Jyoti Dowarah Required...
WordPress Charitable Plugin <= 1.8.1.7 is vulnerable to Broken Access Control
Software Charitable Type Plugin Vulnerable versions <= 1.8.1.7 Fixed in 1.8.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37510 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a9ef1ac55d95 Credits Dhabaleshwar Das Require...
Charitable < 1.7.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Charitable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.7.0.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-47816
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions...
CVE-2023-47816
CVE-2023-47816 affects the WordPress Charitable plugin called Charitable Donations & Fundraising Team Donation Forms. Vulnerable in versions
CVE-2023-47816 WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions...
PT-2023-30626 · Charitable · Charitable Donations & Fundraising Team Donation Forms
Name of the Vulnerable Software and Affected Versions: Charitable Donations & Fundraising Team Donation Forms by Charitable plugin versions <= 1.7.0.13 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting...
WordPress Plugin Donation Forms by Charitable Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS)
Software Charitable Type Plugin Vulnerable versions <= 1.7.0.13 Fixed in 1.7.0.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47816 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00dfa7559152 Credits Ngô Thiên An ancorn from VNPT-VCI...
CVE-2023-4404
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...
Design/Logic Flaw
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...