The plugin is affected by an authenticated stored cross-site scripting (XSS) vulnerability in the add donation feature.
1. Go to `/wp-admin/edit.php?post_type=donation`
2. Add new donation
3. In the first or last name forms, add the XSS payload
4. Save and the XSS payload will be executed
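
The page does not show the plugin's code. As an added illustration (not the plugin's own code), the PHP below contrasts the output pattern that turns a stored name field into XSS with an escaped one; the function names, array keys and sample record are hypothetical.

```php
<?php
// Added example with constructed data; not taken from the plugin.
// Inside WordPress the equivalent calls are sanitize_text_field() when
// saving and esc_html() when printing.

/** Normalise a name field before it is stored. */
function clean_name(string $raw): string
{
    $text = strip_tags($raw);                                 // drop markup
    $text = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $text);   // control chars
    return trim(preg_replace('/\s+/', ' ', $text));           // collapse spaces
}

/** Vulnerable pattern: the stored value is concatenated into HTML as-is. */
function render_donor_unsafe(array $donor): string
{
    return '<td>' . $donor['first_name'] . ' ' . $donor['last_name'] . '</td>';
}

/** Hardened pattern: escape at output, whatever was stored. */
function render_donor_safe(array $donor): string
{
    $name = $donor['first_name'] . ' ' . $donor['last_name'];
    return '<td>'
        . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</td>';
}

// Constructed sample: a harmless markup probe in the first name field.
$submitted = ['first_name' => '<b>Jane</b>', 'last_name' => "O'Neil"];

// Unsafe: the browser would interpret the stored markup.
echo render_donor_unsafe($submitted), PHP_EOL;

// Safe: the same record is displayed as literal text.
echo render_donor_safe($submitted), PHP_EOL;

// Defence in depth: clean on save and still escape on output.
$stored = array_map('clean_name', $submitted);
echo render_donor_safe($stored), PHP_EOL;
```

Escaping at output is the control that matters, because it also covers records that were stored before any input cleaning was in place.
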
| CPE | Name | Operator | Version |
|---|---|---|---|
| | charitable | lt | 1.6.51 |