VulnCheck KEV: CVE-2024-12877

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...

📄 WordPress GiveWP Donation 3.14.1 PHP Object Injection

WordPress GiveWP Donation Fundraising Platform version 3.14.1 suffers from a PHP code injection vulnerability. This script exploits a different vector than the prior submissions from this researcher...

WordPress Raisely Donation Form Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Raisely Donation Form, which stems from insufficient cleanup and escaping of user-supplied attribute inputs in the...

CVE-2025-3781

The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raiselydonationform shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-3781

The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raiselydonationform shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-3781 Raisely Donation Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via raisely_donation_form Shortcode

The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raiselydonationform shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-3781 Raisely Donation Form <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via raisely_donation_form Shortcode

The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raiselydonationform shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-3781

CVE-2025-3781: Raisely Donation Form plugin for WordPress (versions

WordPress plugin Raisely Donation Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Raisely Donation Form, which stems from insufficient cleanup and escaping of user-supplied attribute inputs in the...

PT-2025-22334 · WordPress · Raisely Donation Form

Name of the Vulnerable Software and Affected Versions: Raisely Donation Form plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's raisely donation form shortcode due to insufficient input sanitization and output...

WordPress Raisely Donation Form plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via raisely_donation_form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via raiselydonationform Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Raisely Donation Form versions = 1.0...

PT-2025-9590

Name of the Vulnerable Software and Affected Versions Donations Widget plugin for WordPress versions up to, and including, 3.19.4 Description The issue arises from improper handling of user-supplied data within the donation form, particularly in the card address parameter. This flaw allows...

WordPress plugin CanadaHelps Embedded Donation Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress CanadaHelps Embedded Donation plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin CanadaHelps Embedded Donation Form versions = 1.0.0...

CVE-2024-12877

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...

CVE-2024-12877

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...

WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting

Exploit Title: WordPress Plugin donorbox-donation-form 7.1.6 - Stored Cross Site Scripting Authenticated Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/donorbox-donation-form Version: 7.1.6 Tested on: Firefox Contact me: h at...

WordPress plugin GiveWP cross-site scripting vulnerability (CNVD-2022-25222)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress...

WordPress plugin GiveWP 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress...

Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. 1. Go to /wp-admin/edit.php?posttype=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be executed...