8 matches found
CVE-2019-15772
The nd-donations plugin before 1.4 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
CVE-2022-0782
The Donations WordPress plugin through 1.8 does not sanitise and escape the nddonationsid parameter before using it in a SQL statement via the nddonationssinglecauseformvalidatefieldsphpfunction AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...
WordPress nd-donations plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nd-donations is a donation site building plugin used in it. An input validation error vulnerability exists in the WordPress nd-donatio...
CVE-2019-15772
The nd-donations plugin before 1.4 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
CVE-2019-15772
The nd-donations plugin before 1.4 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
Code injection
The nd-donations plugin before 1.4 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
CVE-2019-15772
The CVE-2019-15772 issue affects the WordPress nd-donations plugin prior to version 1.4. It exposes a nopriv_ AJAX action that allows modification of the siteurl setting. This unauthenticated capability can enable an attacker to alter the site’s URL configuration, depending on the vulnerable envi...
CVE-2019-15772
The nd-donations plugin before 1.4 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...