3 matches found
CVE-2022-29433
The CVE-2022-29433 entry concerns the WordPress Donations plugin (versions ≤ 1.8). The connected documents confirm an authenticated Stored Cross-Site Scripting (XSS) vulnerability where parameters are not properly sanitized/escaped, allowing a contributor+ (authenticated) user to trigger XSS. Imp...
CVE-2022-0782
CVE-2022-0782 affects the WordPress Donations plugin (versions up to 1.8). The root cause is improper sanitisation/escaping of the nd_donations_id parameter, which is used unsafely in an SQL statement inside the unauthenticated AJAX action nd_donations_single_cause_form_validate_fields_php_functi...
CVE-2019-15772
The CVE-2019-15772 issue affects the WordPress nd-donations plugin prior to version 1.4. It exposes a nopriv_ AJAX action that allows modification of the siteurl setting. This unauthenticated capability can enable an attacker to alter the site’s URL configuration, depending on the vulnerable envi...