176 matches found
CVE-2025-23621 WordPress Causes – Donation plugin <= 1.0.01 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in algothemes Causes – Donation Plugin causes allows Reflected XSS.This issue affects Causes – Donation Plugin: from n/a through = 1.0.01...
CVE-2025-23621
CVE-2025-23621 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Causes – Donation Plugin (Causes) limited to versions 1.0.01 and earlier. The issue stems from improper input neutralization during web page generation, enabling attacker-supplied input to be reflected ...
PT-2025-4979 · Unknown · Causes – Donation Plugin
Name of the Vulnerable Software and Affected Versions: Causes – Donation Plugin versions 1.0.01 and below Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables attackers to inject...
WordPress plugin Causes – Donation Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin Causes - A...
WordPress Causes – Donation plugin <= 1.0.01 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin Causes – Donation Plugin versions = 1.0.01...
PT-2025-1974 · Givewp · Givewp
Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to 3.19.2 Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input from the donation form, such as the firstName field...
WordPress Paytm – Donation Plugin plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Paytm Payment Donation versions = 2.3.1...
CVE-2024-11879
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53752. Reason: This candidate is a reservation duplicate of CVE-2024-53752. Notes: All CVE users should reference CVE-2024-53752 instead of this candidate. All references and descriptions in this candidate have been...
PT-2024-17315 · WordPress · Stripe Donation Plugin
Name of the Vulnerable Software and Affected Versions: Stripe Donation plugin for WordPress versions 1.2.5 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stripe donation' shortcode due to insufficient input sanitization and output escaping on...
WordPress Stripe Donation plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Stripe Donation versions = 1.2.5...
CVE-2024-10876
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. Thi...
CVE-2024-10876 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. Thi...
CVE-2024-10876 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. Thi...
CVE-2024-50459 WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AidWP: from n/a through = 3.2.3...
CVE-2024-50459 WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AidWP: from n/a through = 3.2.3...
PT-2024-34234 · WordPress · Wordpress Stripe Donation/Payment Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Stripe Donation and Payment Plugin versions 3.2.3 and earlier Description: The issue is related to missing authorization in the HM Plugin WordPress Stripe Donation and Payment Plugin, allowing exploitation due to incorrectly...
CVE-2024-9634
CVE-2024-9634 affects GiveWP – Donation Plugin and Fundraising Platform for WordPress (
WordPress plugin GiveWP – Donation Plugin and Fundraising Platform 代码问题漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2024-8353
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...
CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...