Vulnerabilities and security research for charitable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2023-47816
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Nov 23, 2023
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2018-21011
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Sep 09, 2019
- Research Description
- The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2021-24531
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Aug 23, 2021
- Research Description
- The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2022-47441
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- May 10, 2023
- Research Description
- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2023-4404
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Aug 23, 2023
- Research Description
- The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2024-37510
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Nov 01, 2024
- Research Description
- Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2024-37506
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Nov 01, 2024
- Research Description
- Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2024-8791
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Sep 24, 2024
- Research Description
- The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to update the email address and password of arbitrary user accounts, including administrators, which can then be used to log in to those user accounts.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2024-10876
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Nov 09, 2024
- Research Description
- The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2025-30770
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Mar 27, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable allows DOM-Based XSS. This issue affects Charitable: from n/a through 1.8.4.7.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2025-47520
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- May 07, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable allows Stored XSS. This issue affects Charitable: from n/a through 1.8.5.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress # CVE-2025-5275
- CVE, Research URL
- Home page URL
- Application
-
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
- Date
- Jun 26, 2025
- Research Description
- The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. This issue was partially fixed in version 1.8.6.1 and fully fixed in version 1.8.6.2.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable