cleantalk
Vulnerabilities and Security Researches

Total Donations, CVE-2019-6703

CVE, Research URL

CVE-2019-6703

Home page URL

Security reports for Total Donations

Application

Total Donations

Published on
Jan 27, 2019
Research Description
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
Affected versions
Min -, max 3.0.0.
Status
vulnerable
Previous vulnerability researches
Total Donations (CVE-2019-6703) , Jun 07, 2024
Total Donations (CVE-2025-43837) , May 07, 2025
New vulnerability
BMI Adult & Kid Calculator (CVE-2025-47618) , May 12, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025