9 matches found
CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...
WordPress Charitable plugin <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Charitable versions <= 1.8.6.1...
WordPress Charitable plugin <= 1.8.4.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Charitable versions <= 1.8.4.7...
WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10876; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2a28f1e125bc; Credits: Peter Thaleikis...
WordPress Charitable Plugin <= 1.8.1.14 is vulnerable to Privilege Escalation
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.8.1.14; Fixed in: 1.8.1.15; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-8791; Patch priority: High; CVSS severity: High (9.8); PSID: 04c66e8c147c; Credits: wesley...
WordPress Charitable Plugin <= 1.8.1.7 is vulnerable to Broken Access Control
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.8.1.7; Fixed in: 1.8.1.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37510; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: a9ef1ac55d95; Credits: Dhabaleshwar Das; Require...
WordPress Charitable Plugin <= 1.8.1.7 is vulnerable to Broken Access Control
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.8.1.7; Fixed in: 1.8.1.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37506; Patch priority: Low; CVSS severity: Low (5.3); PSID: 4942d8e7ca80; Credits: Manab Jyoti Dowarah; Required...
WordPress Charitable Plugin <= 1.7.0.12 is vulnerable to Privilege Escalation
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.7.0.12; Fixed in: 1.7.0.13; OWASP Top 10: A3: Injection; Classification: Privilege Escalation; CVE: CVE-2023-4404; Patch priority: High; CVSS severity: High (9.8); PSID: 52fac3028e4c; Credits: István Márton; Required privilege...
WordPress Charitable Plugin <= 1.7.0.10 is vulnerable to Cross Site Scripting (XSS)
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.7.0.10; Fixed in: 1.7.0.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47441; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 92fc43f8ba32; Credits: Team WeBoB...