CVE-2023-4404
published 2023-08-23


Priority: P2 (61)
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.77% (50.8th percentile)
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.

Affected (2 ranges)

Vendor       | Product                                                                          | Version range | Fixed in
smub         | charitable_donation_plugin_for_wordpress_fundraising_with_recurring_donations_mo | <= 1.7.0.12   |
wpcharitable | charitable                                                                       | <= 1.7.0.12   |