The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.
7.5CVSS
7.5AI Score
0.002EPSS
The Charitable β Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
5.4CVSS
5.1AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions.
7.1CVSS
6AI Score
0.0005EPSS
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...
9.8CVSS
9.4AI Score
0.002EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions.
6.5CVSS
5.5AI Score
0.0004EPSS
The Donation Forms by Charitable β Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied th...
9.8CVSS
9.7AI Score
0.001EPSS