Lucene search
K

265 matches found

Prion
Prion
added 2021/08/23 12:15 p.m.15 views

Cross site scripting

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...

3.5CVSS5.2AI score0.00576EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/08/23 11:10 a.m.28 views

CVE-2021-24531 Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature...

5.4AI score0.00576EPSS
Exploits1References2
CVE
CVE
added 2021/08/23 11:10 a.m.51 views

CVE-2021-24531

CVE-2021-24531 affects the WordPress Charitable – Donation Plugin, versions before 1.6.51. Affected component: add donation feature. Root cause: authenticated stored cross-site scripting (XSS) in the add donation form, enabling script execution with authenticated access. Impact details in sources...

5.4CVSS5.1AI score0.00576EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/08/23 12:0 a.m.4 views

Wordpress Plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the Wordpress...

5.4CVSS5.4AI score0.00576EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2021/07/21 12:0 a.m.10 views

Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting

While fixing an Authenticated Stored Cross-Site Scripting issue https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f, the vendor identified another Cross-Site Scripting issue, which could be exploited by unauthenticated users and would be triggered in the context of a logged in...

Exploits0References2Affected Software1
wpexploit
wpexploit
added 2021/07/21 12:0 a.m.548 views

Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. 1. Go to /wp-admin/edit.php?posttype=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be executed...

3.5CVSS0.7AI score0.00576EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/07/21 12:0 a.m.543 views

Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting

While fixing an Authenticated Stored Cross-Site Scripting issue https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f, the vendor identified another Cross-Site Scripting issue, which could be exploited by unauthenticated users and would be triggered in the context of a logged in...

Exploits0References2
WPVulnDB
WPVulnDB
added 2021/07/21 12:0 a.m.16 views

Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. PoC 1. Go to /wp-admin/edit.php?posttype=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be...

3.5CVSS1.8AI score0.00576EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2021/07/21 12:0 a.m.11 views

WordPress Charitable plugin <= 1.6.50 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Eric Daams in WordPress Charitable plugin versions = 1.6.50. Solution Update the WordPress Charitable plugin to the latest available version at least 1.6.51...

2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/07/21 12:0 a.m.17 views

WordPress Charitable plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa in WordPress Charitable plugin versions = 1.6.50. Solution Update the WordPress Charitable plugin to the latest available version at least 1.6.51...

5.4CVSS2.5AI score0.00576EPSS
Exploits1References3Affected Software1
Malwarebytes
Malwarebytes
added 2020/09/17 4:59 p.m.25 views

Charities and the advertising industry: data ecosystems and privacy risks

Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it’s not going to go away anytime...

6.6AI score
Exploits0
CISA
CISA
added 2020/06/01 12:0 a.m.16 views

Hurricane-Related Scams

June 1 marks the official start of the 2020 Atlantic hurricane season. The Cybersecurity and Infrastructure Security Agency CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often...

6.8AI score
Exploits0References6
CNVD
CNVD
added 2019/09/12 12:0 a.m.3 views

WordPress charitable plugin information disclosure vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. charitable is used in one of the online donation platform to build plug-ins. An information disclosure vulnerability exists in the...

7.5CVSS6.3AI score0.01726EPSS
Exploits0References1
OSV
OSV
added 2019/09/09 1:15 p.m.3 views

CVE-2018-21011

The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details...

7.5CVSS5.8AI score0.01726EPSS
Exploits0References2
CVE
CVE
added 2019/09/09 12:3 p.m.36 views

CVE-2018-21011

CVE-2018-21011 affects the WordPress Charitable plugin prior to version 1.5.14, allowing unauthorized access to user and donation details. The issue stems from a vulnerability in the Charitable plugin that leads to information disclosure; CVSS metrics indicate a network-accessible flaw with mediu...

7.5CVSS7.5AI score0.01726EPSS
Exploits0References2Affected Software1
CISA
CISA
added 2019/08/06 12:0 a.m.17 views

El Paso and Dayton Tragedy-Related Scams and Malware Campaigns

In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency CISA advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to...

6.6AI score
Exploits0References4
Wired Threat Level
Wired Threat Level
added 2018/12/04 12:0 p.m.26 views

Nonprofits on Facebook Get Hacked—Then They Really Need Help

Facebook is an enormous platform for charitable giving, but some nonprofit leaders say there aren’t enough resources when something goes wrong...

1.5AI score
Exploits0
Patchstack
Patchstack
added 2018/05/16 12:0 a.m.16 views

WordPress Charitable plugin <= 1.5.13 - Unauthorized Access vulnerability leading to Sensitive Information Disclosure

Unauthorized Access vulnerability leading to Sensitive Information Disclosure discovered in WordPress Charitable plugin versions = 1.5.13. Solution Update the WordPress Charitable plugin to the latest available version at least 1.5.14...

7.5CVSS3AI score0.01726EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/05/16 12:0 a.m.17 views

Charitable <= 1.5.13 - Unauthorised Access

From the vendor blog pos details: Fix a bug that can in certain scenarios allow unauthorized users to access the user and donation details of previous donations. Payment details such as credit card details were not exposed...

5CVSS3.4AI score0.01726EPSS
Exploits0References1Affected Software1
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/01/31 3:42 p.m.49 views

A Top Employer in Canada for the Second Year in a Row

Trend Micro has been protecting governments, businesses and consumers from cyber-threats for more than 28 years. Right from the start, our founders were keen to emphasize the important role played by corporations in society as a whole. To that end, we’ve always been an active participant in...

6.9AI score
Exploits0
Rows per page
Query Builder