Vulnerabilities > Donations Project

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-13	CVE-2022-29433	Cross-site Scripting vulnerability in Donations Project Donations Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. network low complexity donations-project CWE-79	5.4
2022-04-25	CVE-2022-0782	SQL Injection vulnerability in Donations Project Donations The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection network low complexity donations-project CWE-89 critical	9.8
2019-08-29	CVE-2019-15772	Open Redirect vulnerability in Donations Project Donations The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. network low complexity donations-project CWE-601	6.1

Vulnerabilities > Donations Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Donations Project"}]}