cleantalk
Vulnerabilities and Security Researches

Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free, b62a26a6-cea0-46a7-b577-ba8d476ec1b5

CVE, Research URL

b62a26a6-cea0-46a7-b577-ba8d476ec1b5

Home page URL

Security reports for Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free

Application

Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free

Published on
-
Research Description
Cryptocurrency Donation Box &#8211; Bitcoin &amp; Crypto Donations [cryptocurrency-donation-box] < 1.8 Multiple Plugins from Cool Plugins - Subscriber+ Arbitrary Plugin Installation &amp; Activation Multiple plugins from the Cool Plugins vendor are missing capability and proper CSRF check in the cool_plugins_install and cool_plugins_activate AJAX actions, available to any authenticated users, allowing them to install and activate arbitrary plugins via an archive hosted on a remote server they control
Affected versions
max 1.8.
Status
vulnerable
Previous vulnerability researches
Add infos to the events calendar (CVE-2024-11875) , Dec 13, 2024
Events Search For The Events Calendar (064f04a5db00947ea83e3596cf05df5e81a0431e) , Jun 07, 2024
Events Search For The Events Calendar (b62a26a6-cea0-46a7-b577-ba8d476ec1b5) , Jun 16, 2026
Events Search For The Events Calendar (499fc5b5931097622c99d4db054b7adfe26218e8) , Jun 16, 2026
The Events Calendar Countdown Addon (b62a26a6-cea0-46a7-b577-ba8d476ec1b5) , Jun 16, 2026
New vulnerability
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-49080) , Jun 16, 2026
The Events Calendar (CVE-2026-49772) , Jun 16, 2026
WooCommerce Stripe Payment Gateway (CVE-2026-2381) , Jun 16, 2026
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026