55 matches found
CVE-2023-4404
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...
WordPress Plugin Donation Forms by Charitable 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation
Description The plugin does not validate parameters supplied to the updatecoreuser function, which could allow users to register an account with any role such as administrator when registering via the registration form of the plugin ie the charitableregistration shortcode embed in a page/post...
CVE-2022-47441
CVE-2022-47441 affects the WordPress plugin Charitable Donations & Fundraising Team Donation Forms by Charitable, versions
Wordpress plugin Donation Forms by Charitable 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Get a REST nonce logged in as admin:...
CVE-2021-25100
The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2021-25100 Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...
WordPress GiveWP plugin <= 2.17.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS via Donation Forms Dashboard vulnerability discovered by JrXnm in WordPress GiveWP plugin versions = 2.17.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.17.3...
Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
The plugin does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting PoC...
Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
The plugin does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2021-24524
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...
CVE-2021-24524 GiveWP < 2.12.0 - Authenticated Stored XSS
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...
CVE-2021-24524
The CVE-2021-24524 vulnerability affects the WordPress GiveWP plugin prior to version 2.12.0. The issue is an authenticated stored XSS in the Donation Level setting of Donation Forms, caused by insufficient escaping, enabling a high-privilege user to inject payloads. Impact is described as cross-...
GiveWP < 2.12.0 - Authenticated Stored XSS
The plugin did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. PoC Put the following payload in any Donation Level Text field of a Donation Form ie...