Volerion logoVolerion
Volerion logoVolerion

Charitable WordPress Plugin SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the Charitable donation plugin for WordPress, specifically in versions up to and including 1.8.10.4. The vulnerability arises from inadequate escaping of user-supplied data in the 's' parameter, allowing authenticated attackers with access to the donation management admin area to inject additional SQL queries. This exploitation could lead to unauthorized extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for authenticated SQL injection, where attackers can manipulate SQL queries to extract sensitive data from the database.

Reproduction

To reproduce this vulnerability, an authenticated user with the 'edit_others_donations' capability can send a request to the donations management area with a crafted 's' parameter. The injected SQL could then be used to extract data from the database, taking advantage of the application's SQL query handling.

Remediation

Users are advised to update the Charitable WordPress plugin to version 1.8.10.5 or later.

Added: May 13, 2026, 8:10 PM
Updated: May 13, 2026, 8:10 PM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
2.5
exploitability
6.0
remediation
7.7
relevance
8.2
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.