Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites | allinfosecnews.com

Aug. 22, 2023, 1:35 p.m. | István Márton

Wordfence www.wordfence.com

On August 10, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in the Donation Forms by Charitable plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by supplying a role ...
Read More

The post Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites appeared first on Wordfence.

august charitable critical disclosure donation escalation forms intelligence plugin privilege privilege escalation process research responsible responsible disclosure team threat threat intelligence unauthenticated vulnerabilities vulnerability websites wordfence wordpress wordpress plugin wordpress security

More from www.wordfence.com / Wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024) 19 hours ago | www.wordfence.com

april bounty bug bug bounty +16

$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin 3 days, 19 hours ago | www.wordfence.com

bounty bug bug bounty deletion +16

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024) 1 week ago | www.wordfence.com

april bounty bug bug bounty +17

$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin 1 week, 2 days ago | www.wordfence.com

april bounty bug bug bounty +16

$2,063 Bounty Awarded for Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin 1 week, 6 days ago | www.wordfence.com

bounty bug bug bounty disclosure +18

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024) 2 weeks ago | www.wordfence.com

april bounty bug bug bounty +17

$400 Bounty Awarded for SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin 2 weeks, 1 day ago | www.wordfence.com

activity log bounty bug bug bounty +21

$1,250 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express … 2 weeks, 3 days ago | www.wordfence.com

bounty bug bug bounty can +19

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024) 3 weeks ago | www.wordfence.com

april bounty bug bug bounty +17

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States

View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States

View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden

View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden

View on infosec-jobs.com