WordPress Plugin Vulnerabilities

WordPress Stripe Donation and Payment Plugin < 3.2.4 - Missing Authorization

Description

The Accept Stripe Donation and Payments – AidWP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
wp-stripe-donation
Fixed in 3.2.4

References

CVE
CVE-2024-50459
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d6ec0bfd-6b3f-4de5-a7ea-73e35339202c

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No
WPVDB ID
1b785fcc-5397-438a-a7e5-793c289e5ba8

Timeline

Publicly Published
2024-10-24 (about 1 year ago)
Added
2024-10-30 (about 1 year ago)
Last Updated
2024-10-30 (about 1 year ago)

Other

Published
Title
Published
2024-06-06
Title
WP Time Slots Booking Form < 1.2.12 - Missing Authorization
Published
2022-10-27
Title
Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update
Published
2022-04-04
Title
Weblizar Pin It Button On Image Hover And Post < 3.4 - Subscriber+ Arbitrary Settings Update
Published
2024-09-04
Title
Form Vibes – Database Manager for Forms < 1.4.13 - Missing Authorization in Multiple Functions
Published
2026-02-16
Title
EventPrime < 4.2.8.5 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint