CVE-2023-4404 Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...

CVE-2023-4404 Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...

WordPress Plugin Donation Forms by Charitable 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites

On August 10, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in the Donation Forms by Charitable plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it...

WordPress Charitable Plugin <= 1.7.0.12 is vulnerable to Privilege Escalation

Software Charitable Type Plugin Vulnerable versions = 1.7.0.12 Fixed in 1.7.0.13 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2023-4404 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 52fac3028e4c Credits István Márton Required privilege...

Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation

Description The plugin does not validate parameters supplied to the updatecoreuser function, which could allow users to register an account with any role such as administrator when registering via the registration form of the plugin ie the charitableregistration shortcode embed in a page/post...

WordPress Charitable Donations Plugin And Fundraising Platform 1.7.0.12 Privilege Escalation

Description: Donation Forms by Charitable = 1.7.0.12 – Unauthenticated Privilege Escalation Affected Plugin: Charitable – Donations Plugin & Fundraising Platform for WordPress Plugin Slug: charitable Affected Versions: = 1.7.0.12 CVE ID: CVE-2023-4404 CVSS Score: 9.8 Critical CVSS...

Ransomware review: June 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

CVE-2022-47441

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.10 versions...

CVE-2022-47441

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.10 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.10 versions...

CVE-2022-47441

CVE-2022-47441 affects the WordPress plugin Charitable Donations & Fundraising Team Donation Forms by Charitable, versions

CVE-2022-47441 WordPress Charitable Plugin <= 1.7.0.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.10 versions...

CVE-2022-47441 WordPress Charitable Plugin <= 1.7.0.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin = 1.7.0.10 versions...

Wordpress plugin Donation Forms by Charitable 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress Charitable Plugin <= 1.7.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Charitable Type Plugin Vulnerable versions = 1.7.0.10 Fixed in 1.7.0.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47441 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 92fc43f8ba32 Credits Team WeBoB...

Charitable < 1.7.0.11 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

Hurricane-Related Scams 

CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with...

CVE-2021-24531

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...

CVE-2021-24531

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...