Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation

Wordfence Intelligence > Vulnerability Database > Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation

9.8

Improper Privilege Management

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE	CVE-2023-4404
CVSS	9.8 (Critical)
Publicly Published	August 17, 2023
Last Updated	August 23, 2023
Researcher	István Márton - Wordfence

Description

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.

References

plugins.trac.wordpress.org

Vulnerability Details for Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More

Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More

Software Type	Plugin
Software Slug	charitable (view on wordpress.org)
Patched?	Yes
Remediation	Update to version 1.7.0.13, or a newer patched version
Affected Version	<= 1.7.0.12
Patched Version	1.7.0.13

Recent vulnerabilities in Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More

Charitable <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter

4.3

CVE-2026-10038

Jun 5, 2026

Researcher: Khanh Nguyen

Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter

6.5

CVE-2026-7619

May 12, 2026

Researcher: Abi Wiranata

Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

5.3

CVE-2026-3177

Apr 6, 2026

Researcher: Andrés Cruciani

Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection

6.5

CVE-2025-11893

Oct 24, 2025

Researcher: Rafshanzani Suhada

Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings

4.4

CVE-2025-5275

Jun 25, 2025

Researcher: Jonas Benjamin Friedli

Charitable <= 1.8.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2025-47520

May 7, 2025

Researcher: Nabil Irawan

Charitable <= 1.8.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2025-30770

Mar 26, 2025

Researcher: Muhammad Yudha - DJ

Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-10876

Nov 8, 2024

Researcher: Peter Thaleikis

Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation

9.8

CVE-2024-8791

Sep 23, 2024

Researcher: wesley (wcraft)

Charitable <= 1.8.1.7 - Missing Authorization via ajax_license_check()

5.3

CVE-2024-37510

Jul 4, 2024

Researcher: Dhabaleshwar Das

#	Title	CVE ID	CVSS	Researchers	Date
1	Charitable <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter	CVE-2026-10038	4.3	Khanh Nguyen	June 5, 2026
2	Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter	CVE-2026-7619	6.5	Abi Wiranata	May 12, 2026
3	Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook	CVE-2026-3177	5.3	Andrés Cruciani	April 6, 2026
4	Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection	CVE-2025-11893	6.5	Rafshanzani Suhada	October 24, 2025
5	Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings	CVE-2025-5275	4.4	Jonas Benjamin Friedli	June 25, 2025
6	Charitable <= 1.8.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2025-47520	4.4	Nabil Irawan	May 7, 2025
7	Charitable <= 1.8.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2025-30770	6.4	Muhammad Yudha - DJ	March 26, 2025
8	Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting	CVE-2024-10876	6.1	Peter Thaleikis	November 8, 2024
9	Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation	CVE-2024-8791	9.8	wesley (wcraft)	September 23, 2024
10	Charitable <= 1.8.1.7 - Missing Authorization via ajax_license_check()	CVE-2024-37510	5.3	Dhabaleshwar Das	July 4, 2024

View more vulnerabilities in this software package View more vulnerabilities

This record contains material that is subject to copyright.

License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. Read more.

License: CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. Read more.

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation