Donations Project Donations — known CVE vulnerabilities
Every CVE whose affected-product data names Donations Project Donations, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-0782 — CVSS 9.8 (critical): The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement…
CVE-2019-15772 — CVSS 6.1 (medium): The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
CVE-2022-29433 — CVSS 4.1 (medium): Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress.