Skip to main content

Buy Me A Coffee

5 CVEs product

Monthly

CVE-2023-25030 MEDIUM This Month

Missing Authorization vulnerability in Buy Me a Coffee.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Buy Me A Coffee
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2082 MEDIUM POC PATCH This Month

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Buy Me A Coffee
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-2079 HIGH POC PATCH This Week

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Buy Me A Coffee
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-2078 HIGH POC PATCH This Week

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Buy Me A Coffee
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-2578 MEDIUM POC This Month

The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Buy Me A Coffee
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in Buy Me a Coffee.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Buy Me A Coffee
NVD
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Buy Me A Coffee
NVD VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Buy Me A Coffee
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Buy Me A Coffee
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Buy Me A Coffee
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy