Vulnerabilities > Wpcharitable > Charitable > 1.7.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-47816 Cross-site Scripting vulnerability in Wpcharitable Charitable
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions.
network
low complexity
wpcharitable CWE-79
5.4
5.4
2023-08-23 CVE-2023-4404 Improper Privilege Management vulnerability in Wpcharitable Charitable
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function.
network
low complexity
wpcharitable CWE-269
critical
 9.8
9.8