355 matches found
Accept Donations with PayPal <= 1.5.2 - Open Redirect
The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.5.2. This is due to insufficient validation of the supplied redirect URL. This makes it possible for unauthenticated attackers to redirect users to potentially...
Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update
Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...
CVE-2026-43879
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. Wh...
CVE-2026-7619
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-7619
The CVE-2026-7619 entry details an authenticated SQL Injection in the Charitable WordPress plugin (
Cyber-Secure Philanthropy: Tech Infrastructure for Global Donations
Secure philanthropy needs hardened payments, API security, and compliance controls to protect global donations from fraud and attacks...
CVE-2026-3177
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...
EUVD-2026-20385
Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a...
WordPress plugin Cryptocurrency Donation Box – Bitcoin & Crypto Donations security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-31253
Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a...
CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...
PT-2026-30800
Name of the Vulnerable Software and Affected Versions: The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions through 1.8.9.7. Description: The Charitable – Donation Plugin for WordPress is affected by a flaw due to missing cryptographic verification of...
CVE-2026-28115
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Blind SQL Injection. This issue affects WP Attractive Donations System - Easy Stripe & Paypa...
EUVD-2026-9768
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Blind SQL Injection. This issue affects WP Attractive Donations System - Easy Stripe & Paypa...
CVE-2026-28115 WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Blind SQL Injection. This issue affects WP Attractive Donations System - Easy Stripe & Paypa...
CVE-2026-28115
CVE-2026-28115 is described as an SQL Injection in the WordPress plugin WP Attractive Donations System – Easy Stripe & Paypal donations (WP_AttractiveDonationsSystem) affecting versions up to 1.25. The issue is labeled as an improper neutralization of special elements in SQL commands, enabling bl...