Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Donations ProjectDonations

3 matches found

CVE
CVEadded 2022/05/13 4:15 p.m.80 views

CVE-2022-29433

Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin

5.4CVSS4.7AI score0.0017EPSS
CVE
CVEadded 2022/04/25 4:16 p.m.58 views

CVE-2022-0782

The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection

9.8CVSS9.9AI score0.02732EPSS
CVE
CVEadded 2019/08/29 12:15 p.m.37 views

CVE-2019-15772

The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

6.1CVSS6.3AI score0.00201EPSS