Buymeacoffee Buy_me_a_coffee

5 CVEs affecting Buymeacoffee Buy_me_a_coffee. Latest disclosed: 2024-06-12. Critical: 0, High: 2.

Top CVEs affecting Buymeacoffee Buy_me_a_coffee
CVESeverityScorePublishedSummary
CVE-2023-2078High7.32023-07-11The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on th…
CVE-2023-2079High7.12023-07-11The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the reciev…
CVE-2023-2082Medium6.42023-07-14The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insuff…
CVE-2023-2578Medium4.82023-07-10The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf…
CVE-2023-25030Medium4.32024-06-12Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7.