265 matches found
Cross site scripting
The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...
CVE-2021-24531 Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...
CVE-2021-24531
CVE-2021-24531 affects the WordPress Charitable – Donation Plugin, versions before 1.6.51. Affected component: add donation feature. Root cause: authenticated stored cross-site scripting (XSS) in the add donation form, enabling script execution with authenticated access. Impact details in sources...
Wordpress Plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the Wordpress...
Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting
While fixing an Authenticated Stored Cross-Site Scripting issue https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f, the vendor identified another Cross-Site Scripting issue, which could be exploited by unauthenticated users and would be triggered in the context of a logged in...
Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. 1. Go to /wp-admin/edit.php?posttype=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be executed...
Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting
While fixing an Authenticated Stored Cross-Site Scripting issue https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f, the vendor identified another Cross-Site Scripting issue, which could be exploited by unauthenticated users and would be triggered in the context of a logged in...
Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. PoC 1. Go to /wp-admin/edit.php?posttype=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be...
WordPress Charitable plugin <= 1.6.50 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Eric Daams in WordPress Charitable plugin versions = 1.6.50. Solution Update the WordPress Charitable plugin to the latest available version at least 1.6.51...
WordPress Charitable plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa in WordPress Charitable plugin versions = 1.6.50. Solution Update the WordPress Charitable plugin to the latest available version at least 1.6.51...
Charities and the advertising industry: data ecosystems and privacy risks
Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it’s not going to go away anytime...
Hurricane-Related Scams
June 1 marks the official start of the 2020 Atlantic hurricane season. The Cybersecurity and Infrastructure Security Agency CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often...
WordPress charitable plugin information disclosure vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. charitable is used in one of the online donation platform to build plug-ins. An information disclosure vulnerability exists in the...
CVE-2018-21011
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details...
CVE-2018-21011
CVE-2018-21011 affects the WordPress Charitable plugin prior to version 1.5.14, allowing unauthorized access to user and donation details. The issue stems from a vulnerability in the Charitable plugin that leads to information disclosure; CVSS metrics indicate a network-accessible flaw with mediu...
El Paso and Dayton Tragedy-Related Scams and Malware Campaigns
In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency CISA advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to...
Nonprofits on Facebook Get Hacked—Then They Really Need Help
Facebook is an enormous platform for charitable giving, but some nonprofit leaders say there aren’t enough resources when something goes wrong...
WordPress Charitable plugin <= 1.5.13 - Unauthorized Access vulnerability leading to Sensitive Information Disclosure
Unauthorized Access vulnerability leading to Sensitive Information Disclosure discovered in WordPress Charitable plugin versions = 1.5.13. Solution Update the WordPress Charitable plugin to the latest available version at least 1.5.14...
Charitable <= 1.5.13 - Unauthorised Access
From the vendor blog pos details: Fix a bug that can in certain scenarios allow unauthorized users to access the user and donation details of previous donations. Payment details such as credit card details were not exposed...
A Top Employer in Canada for the Second Year in a Row
Trend Micro has been protecting governments, businesses and consumers from cyber-threats for more than 28 years. Right from the start, our founders were keen to emphasize the important role played by corporations in society as a whole. To that end, we’ve always been an active participant in...