WordPress Plugin Vulnerabilities

Charitable < 1.8.1.8 - Missing Authorization to Unauthorized Donation

Description

The Charitable plugin for WordPress is vulnerable to unauthorized access due to insufficient verification on the process_donation() function in versions up to, and including, 1.8.1.7. This makes it possible for unauthenticated attackers to donate on forms they shouldn't have access to.

Affects Plugins

Plugin icon
charitable
Fixed in 1.8.1.8

References

CVE
CVE-2024-37506
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6c977f-6ab3-4c94-83b1-968dafca4a8e

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Manab Jyoti Dowarah
Verified
No
WPVDB ID
f423e4b9-0494-45fc-aa3f-083aac4840cf

Timeline

Publicly Published
2024-07-04 (about 1 year ago)
Added
2024-07-10 (about 1 year ago)
Last Updated
2024-07-10 (about 1 year ago)

Other

Published
Title
Published
2025-08-05
Title
Zakra < 4.1.6 - Missing Authorization to Subscriber+ Demo Import
Published
2023-01-10
Title
Royal Elementor Addons < 1.3.60 - Subscriber+ Template Condition Update
Published
2023-01-10
Title
Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Theme Activation
Published
2025-11-14
Title
Survey Maker < 5.1.9.5 - Missing Authorization
Published
2025-04-10
Title
Customify <= 0.4.8 - Missing Authorization