CVE-2026-4650 FundPress <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification via donate_action_status AJAX Handler

The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donateactionstatus AJAX handler, which is registered to be accessible to unauthenticated users vi...

CVE-2026-4650

The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donateactionstatus AJAX handler, which is registered to be accessible to unauthenticated users vi...

WordPress plugin FundPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2009-4813

Cross-site scripting XSS vulnerability in myps.php in MyBB aka MyBulletinBoard 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action...

CVE-2009-4813

Cross-site scripting XSS vulnerability in myps.php in MyBB aka MyBulletinBoard 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action...