CVE-2025-5275 – WordPress Charitable Donation Plugin Stored Cross-Site Scripting

June 26, 2025

CVE ID : CVE-2025-5275

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
This issue was partially fixed in version 1.8.6.1 and fully fixed in version 1.8.6.2.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5813 – Amazon Products to WooCommerce Plugin Unauthenticated Product Creation Vulnerability

Next Article CVE-2025-6538 – WordPress Post Rating and Review Stored Cross-Site Scripting

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

Forget YouTube’s ad blocker war — this Google AI Overviews clone might finally sell me on the $14/month Premium subscription

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

CVE-2025-5275 – WordPress Charitable Donation Plugin Stored Cross-Site Scripting

Qilin Ransomware Attack on NHS Causes Patient Death in the UK

CVE-2025-6817 – HDF5 Resource Consumption Denial of Service

Microsoft Teams to block “unauthorized screen captures” — This new Prevent Screen Capture tool improves your privacy

CVE-2024-9524 – Avira Prime Link Following Local Privilege Escalation Vulnerability

Devin AI Introduces DeepWiki: A New AI-Powered Interface to Understand GitHub Repositories

How to Use Your Raspberry Pi Headlessly with VS Code and SSH (No Monitor Needed)

CVE-2025-25251 – FortiClient Mac Incorrect Authorization Privilege Escalation Vulnerability

Memorado lets you memorize anything

CVE-2025-53336 – Abditsori My Resume Builder Stored Cross-Site Scripting

Can I play Clair Obscur: Expedition 33 on Steam Deck, ROG Ally, and other gaming handhelds?

CVE-2025-5275 – WordPress Charitable Donation Plugin Stored Cross-Site Scripting

Related Posts