wpcharitable CVE Vulnerabilities & Metrics

Focus on wpcharitable vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About wpcharitable Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with wpcharitable. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total wpcharitable CVEs: 6
Earliest CVE date: 09 Sep 2019, 13:15 UTC
Latest CVE date: 24 Sep 2024, 03:15 UTC

Latest CVE reference: CVE-2024-8791

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -66.67%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -66.67%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical wpcharitable CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.42

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS wpcharitable CVEs

These are the five CVEs with the highest CVSS scores for wpcharitable, sorted by severity first and recency.

CVE-2018-21011 wpcharitable Published on 09 Sep 2019, 13:15 UTC (CVSS: 5.0)
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.
CVE-2021-24531 wpcharitable Published on 23 Aug 2021, 12:15 UTC (CVSS: 3.5)
The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
CVE-2024-8791 wpcharitable Published on 24 Sep 2024, 03:15 UTC (CVSS: 0)
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to upd...
CVE-2023-47816 wpcharitable Published on 22 Nov 2023, 23:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions.
CVE-2023-4404 wpcharitable Published on 23 Aug 2023, 02:15 UTC (CVSS: 0)
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.

All CVEs for wpcharitable

CVE-2024-8791 wpcharitable vulnerability CVSS: 0 24 Sep 2024, 03:15 UTC

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to update the email address and password of arbitrary user accounts, including administrators, which can then be used to log in to those user accounts.

CVE-2023-47816 wpcharitable vulnerability CVSS: 0 22 Nov 2023, 23:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions.

CVE-2023-4404 wpcharitable vulnerability CVSS: 0 23 Aug 2023, 02:15 UTC

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.

CVE-2022-47441 wpcharitable vulnerability CVSS: 0 10 May 2023, 11:15 UTC

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions.

CVE-2021-24531 wpcharitable vulnerability CVSS: 3.5 23 Aug 2021, 12:15 UTC

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.

CVE-2018-21011 wpcharitable vulnerability CVSS: 5.0 09 Sep 2019, 13:15 UTC

The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.