WordPress Plugin Vulnerabilities

Charitable <= 1.5.13 - Unauthorised Access

Description

From the vendor blog pos details:

Fix a bug that can in certain scenarios allow unauthorized users to access the user and donation details of previous donations. Payment details such as credit card details were not exposed.

Affects Plugins

Plugin icon
charitable
Fixed in 1.5.14

References

CVE
CVE-2018-21011
URL
https://www.wpcharitable.com/release-notes-security-release-1-5-14/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
7.5 (high)

Miscellaneous

Verified
No
WPVDB ID
eff85633-434d-4b09-857e-143d9d8ff73b

Timeline

Publicly Published
2018-05-16 (about 7 years ago)
Added
2019-06-26 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2018-02-28
Title
MainWP Child <= 3.4.4 - Authentication Bypass
Published
2024-03-11
Title
Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access
Published
2025-01-06
Title
PayU CommercePro Plugin < 3.8.4 - Unauthenticated Privilege Escalation
Published
2026-04-09
Title
Customer Reviews for WooCommerce < 5.104.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter
Published
2025-07-25
Title
MelaPress Login Security 2.1.0 - 2.1.1 - Privilege Escalation via Authentication Bypass