Security Advisory

CVE-2023-4404

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-08-23 01:58:02

Last updated 2026-04-08 16:52:44

Assigner Wordfence

State PUBLISHED

Description

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the update_core_user function. This makes it possible for unauthenticated attackers to specify their user role by supplying the role parameter during a registration.

← Browse all CVEs View on cve.org ↗