VYPR

Donations

by WordPress

CVEs (2)

  • CVE-2022-0782CriApr 25, 2022
    risk 0.64cvss 9.8epss 0.02

    The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an…

  • CVE-2024-11607MedDec 21, 2024
    risk 0.40cvss 6.1epss 0.00

    The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.