Buymeacoffee Buy Me A Coffee — known CVE vulnerabilities
Every CVE whose affected-product data names Buymeacoffee Buy Me A Coffee, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-2078 — CVSS 7.3 (high): The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing…
CVE-2023-2079 — CVSS 7.1 (high): The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce…
CVE-2023-2082 — CVSS 6.4 (medium): The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and…
CVE-2023-2578 — CVSS 4.8 (medium): The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2023-25030 — CVSS 4.3 (medium): Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7.