4 matches found
CVE-2025-0912
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'cardaddress' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
CVE-2025-0912
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'cardaddress' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
CVE-2025-0912
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'cardaddress' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
PT-2025-9590
Name of the Vulnerable Software and Affected Versions Donations Widget plugin for WordPress versions up to, and including, 3.19.4 Description The issue arises from improper handling of user-supplied data within the donation form, particularly in the card address parameter. This flaw allows...