cvebase

Wpcharitable Charitable vulnerabilities

6 known vulnerabilities affecting wpcharitable/charitable.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2024-8791 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.8.1.15 | 2024-09-24
CWE-639: The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it
nvd
CVE-2023-4404 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.7.0.12 | 2023-08-23
CWE-269: The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.
nvd
CVE-2018-21011 | P3 | HIGH | CVSS 7.5 | fixed in 1.5.14 | 2019-09-09
CWE-200: The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.
nvd
CVE-2022-47441 | P4 | MEDIUM | CVSS 6.1 | ≤ 1.7.0.10 | 2023-05-10
CWE-79: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions.
nvd
CVE-2021-24531 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.6.51 | 2021-08-23
CWE-79: The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
nvd
CVE-2023-47816 | P4 | MEDIUM | CVSS 5.4 | ≤ 1.7.0.13 | 2023-11-22
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions.
nvd