WordPress Plugin Vulnerabilities

Donations Made Easy - Smart Donations <= 4.0.12 - Stored XSS via CSRF

Description

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in Contributor add Stored XSS payloads via a CSRF attack

Affects Plugins

Plugin icon
smart-donations
No known fix

References

CVE
CVE-2023-47550

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
7.1 (high)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
aeed2e60-cdf2-42fe-b1cb-13bb777d196b

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2023-11-17 (about 2 years ago)
Last Updated
2023-11-17 (about 2 years ago)

Other

Published
Title
Published
2025-10-17
Title
Theme Editor < 3.1 - Cross-Site Request Forgery to Remote Code Execution
Published
2025-09-10
Title
Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery
Published
2020-09-16
Title
Import / Export Customizer Settings < 1.0.4 - Cross-Site Request Forgery
Published
2025-05-19
Title
Affiliates Manager Google reCAPTCHA Integration < 1.0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-04-10
Title
Currency per Product for WooCommerce < 1.7.0 - Cross-Site Request Forgery to Notice Dismissal