Vulnerabilities and security researches forwp-church-donation wp-church-donation

Mar 26, 2025

CVE, Research URL: CVE-2024-13690
Home page URL: Security reports for WP Church Donation
Application: WP Church Donation
Date: Mar 25, 2025
Research Description: The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-31410
Home page URL: Security reports for WP Church Donation
Application: WP Church Donation
Date: Mar 31, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through 1.7.
Affected versions: Min -, max -.
Status: vulnerable