cleantalk
Vulnerabilities and Security Researches

Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress, CVE-2024-8791

CVE, Research URL

CVE-2024-8791

Home page URL

Security reports for Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress

Application

Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress

Published on
Sep 24, 2024
Research Description
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to update the email address and password of arbitrary user accounts, including administrators, which can then be used to log in to those user accounts.
Affected versions
Min -, max 1.8.1.15.
Status
vulnerable
Previous vulnerability researches
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress (CVE-2023-47816) , Jun 07, 2024
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress (CVE-2018-21011) , Jun 07, 2024
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress (CVE-2021-24531) , Jun 07, 2024
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress (CVE-2022-47441) , Jun 07, 2024
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress (CVE-2023-4404) , Jun 07, 2024
New vulnerability
Swiss Toolkit For WP (CVE-2025-31544) , Apr 03, 2025
Swiss Toolkit For WP (CVE-2025-31546) , Apr 03, 2025
AB Google Map Travel (AB-MAP) (CVE-2025-31613) , Apr 03, 2025
OmniLeads Scripts and Tags Manager (CVE-2025-31460) , Apr 03, 2025
Apimo connector (CVE-2025-31602) , Apr 03, 2025