Vulnerabilities (CVE)

Filtered by vendor Donations Project Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29433 1 Donations Project 1 Donations 2024-11-21 3.5 LOW 4.1 MEDIUM
Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress.
CVE-2022-0782 1 Donations Project 1 Donations 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
CVE-2019-15772 1 Donations Project 1 Donations 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.