Vulnerabilities > Donation Button Project

DATE | CVE | VULNERABILITY TITLE | RISK

2022-12-12 | CVE-2022-4004 | Unspecified vulnerability in Donation Button Project Donation Button | 4.3 (network, low complexity, donation-button-project)
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any user with an account on the affected site, such as a subscriber, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers.

2022-12-12 | CVE-2022-4005 | Unspecified vulnerability in Donation Button Project Donation Button | 5.4 (network, low complexity, donation-button-project)
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.