Skip to main content

Cryptocurrency Donation Box Bitcoin Crypto Donations

1 CVEs product

Monthly

CVE-2026-39691 MEDIUM This Month

AdAstraCrypto Cryptocurrency Donation Box plugin for WordPress versions up to 2.2.13 allows unauthenticated remote attackers to modify cryptocurrency donation settings due to missing authorization checks on access control endpoints. The vulnerability enables unauthorized changes to donation configuration without requiring authentication or user interaction, though it does not expose sensitive data or cause denial of service. With an EPSS score of 0.02% and no evidence of active exploitation, this represents a low-probability but direct authorization bypass in a niche plugin.

Authentication Bypass Cryptocurrency Donation Box Bitcoin Crypto Donations
NVD
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

AdAstraCrypto Cryptocurrency Donation Box plugin for WordPress versions up to 2.2.13 allows unauthenticated remote attackers to modify cryptocurrency donation settings due to missing authorization checks on access control endpoints. The vulnerability enables unauthorized changes to donation configuration without requiring authentication or user interaction, though it does not expose sensitive data or cause denial of service. With an EPSS score of 0.02% and no evidence of active exploitation, this represents a low-probability but direct authorization bypass in a niche plugin.

Authentication Bypass Cryptocurrency Donation Box Bitcoin Crypto Donations
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy