CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37506 – WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37506
04 Jul 2024 — Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. The Charitable plugin for WordPress is vulnerable to unauthorized access due to insufficient verification on the process_donation() function in versions up to, and including, 1.8.1.7. This makes it possible for unauthenticated attackers to donate on forms they shouldn't have access to. • https://patchstack.com/database/vulnerability/charitable/wordpress-donation-forms-by-charitable-plugin-1-8-1-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37510 – WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37510
04 Jul 2024 — Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. The Charitable plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_license_check function in versions up to, and including, 1.8.1.7. This makes it possible for unauthenticated attackers to verify a license. • https://patchstack.com/database/vulnerability/charitable/wordpress-donation-forms-by-charitable-plugin-1-8-1-7-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •