Charitable

charitable

Vendor: Wpcharitable • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-8791 1Wpcharitable 1Charitable Sep 26, 2024 Sep 24, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugi...Show more The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to update the email address and password of arbitrary user accounts, including administrators, which can then be used to log in to those user accounts.Show less
CVE-2023-47816 1Wpcharitable 1Charitable Nov 21, 2024 Nov 22, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions.
CVE-2023-4404 1Wpcharitable 1Charitable Apr 8, 2026 Aug 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it pos...Show more The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.Show less
CVE-2022-47441 1Wpcharitable 1Charitable Nov 21, 2024 May 10, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions.
CVE-2021-24531 1Wpcharitable 1Charitable Nov 21, 2024 Aug 23, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
CVE-2018-21011 1Wpcharitable 1Charitable Nov 21, 2024 Sep 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.