Lucene search
+L

55 matches found

OSV
OSV
added 2023/08/23 2:15 a.m.4 views

CVE-2023-4404

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...

9.8CVSS7.3AI score0.00765EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/08/23 12:0 a.m.26 views

WordPress Plugin Donation Forms by Charitable 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

9.8CVSS8.4AI score0.00765EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2023/08/22 12:0 a.m.21 views

Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation

Description The plugin does not validate parameters supplied to the updatecoreuser function, which could allow users to register an account with any role such as administrator when registering via the registration form of the plugin ie the charitableregistration shortcode embed in a page/post...

9.8CVSS6.4AI score0.00765EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/05/10 10:10 a.m.40 views

CVE-2022-47441

CVE-2022-47441 affects the WordPress plugin Charitable Donations & Fundraising Team Donation Forms by Charitable, versions

7.1CVSS6.1AI score0.00382EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.7 views

Wordpress plugin Donation Forms by Charitable 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.1CVSS6.9AI score0.00382EPSS
Exploits0References2
wpexploit
wpexploit
added 2022/07/11 12:0 a.m.558 views

GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Get a REST nonce logged in as admin:...

4.8CVSS0.00511EPSS
Exploits2
OSV
OSV
added 2022/02/21 11:15 a.m.3 views

CVE-2021-25100

The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00866EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/02/21 10:45 a.m.24 views

CVE-2021-25100 Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard

The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00866EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/01/18 12:0 a.m.29 views

WordPress GiveWP plugin <= 2.17.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS via Donation Forms Dashboard vulnerability discovered by JrXnm in WordPress GiveWP plugin versions = 2.17.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.17.3...

6.1CVSS2.4AI score0.00866EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/18 12:0 a.m.15 views

Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard

The plugin does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS0.6AI score0.00866EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/01/18 12:0 a.m.438 views

Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard

The plugin does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.8AI score0.00866EPSS
Exploits2References1
OSV
OSV
added 2021/08/23 12:15 p.m.5 views

CVE-2021-24524

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...

4.8CVSS5.8AI score0.00617EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/08/23 11:9 a.m.25 views

CVE-2021-24524 GiveWP < 2.12.0 - Authenticated Stored XSS

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...

5.1AI score0.00617EPSS
Exploits2References1
CVE
CVE
added 2021/08/23 11:9 a.m.68 views

CVE-2021-24524

The CVE-2021-24524 vulnerability affects the WordPress GiveWP plugin prior to version 2.12.0. The issue is an authenticated stored XSS in the Donation Level setting of Donation Forms, caused by insufficient escaping, enabling a high-privilege user to inject payloads. Impact is described as cross-...

4.8CVSS4.8AI score0.00617EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/26 12:0 a.m.20 views

GiveWP < 2.12.0 - Authenticated Stored XSS

The plugin did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. PoC Put the following payload in any Donation Level Text field of a Donation Form ie...

3.5CVSS1.6AI score0.00617EPSS
Exploits2Affected Software1
Rows per page
Query Builder