CVE-2023-4404
Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.
WordPress Charitable Donations Plugin and Fundraising Platform versions 1.7.0.12 and below suffer from a privilege escalation vulnerability.
SSVC
- Decision: -
Timeline
- 2023-08-17 CVE Reserved
- 2023-08-17 CVE Published
- 2024-08-02 CVE Updated
- 2024-12-17 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-269: Improper Privilege Management
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Wpcharitable | Charitable | <= 1.7.0.12 | wordpress | Affected