WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to SQL Injection
CVE-2023-40207

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Donations Made Easy – Smart Donations
Vendor: CVE Published:; 6 November 2023

What is CVE-2023-40207?

An SQL Injection vulnerability exists in the Donations Made Easy – Smart Donations plugin developed by RedNao. This security issue allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. The vulnerability affects all versions of the plugin up to and including version 4.0.12, signifying a need for prompt remediation to safeguard user data and ensure the integrity of the donation processes.

Affected Version(s)

Donations Made Easy – Smart Donations <= 4.0.12

References

https://patchstack.com/database/vulnerability/smart-donat...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2023
Vulnerability Reserved
Aug 10, 2023

Credit

minhtuanact (Patchstack Alliance)