WordPress Plugin Vulnerabilities

Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation

Description

The plugin does not validate parameters supplied to the update_core_user() function, which could allow users to register an account with any role (such as administrator) when registering via the registration form of the plugin (ie the [charitable_registration] shortcode embed in a page/post)

Affects Plugins

Plugin icon
charitable
Fixed in 1.7.0.13

References

CVE
CVE-2023-4404
URL
https://www.wordfence.com/blog/2023/08/critical-privilege-escalation-vulnerability-in-charitable-wordpress-plugin-affects-over-10000-sites/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
24a28dc0-24a4-4d4e-89a0-310592d77fba

Timeline

Publicly Published
2023-08-22 (about 2 years ago)
Added
2023-08-22 (about 2 years ago)
Last Updated
2023-08-22 (about 2 years ago)

Other

Published
Title
Published
2025-04-01
Title
Salon booking system < 10.15 - Authenticated Privilege Escalation
Published
2025-07-14
Title
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. < 2.2.2 - Unauthenticated Arbitrary File Deletion
Published
2025-12-11
Title
Comments – wpDiscuz < 7.6.40 - Unauthenticated Account Takeover
Published
2024-07-09
Title
Jobmonster < 4.7.6 - Unauthenticated Privilege Escalation
Published
2025-07-01
Title
CouponXxL Custom Post Types < 3.1 - Unauthenticated Privilege Escalation