Buymeacoffee Buy_me_a_coffee
5 CVEs affecting Buymeacoffee Buy_me_a_coffee. Latest disclosed: 2024-06-12. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-2078 | High | 7.3 | 2023-07-11 | The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on th… |
CVE-2023-2079 | High | 7.1 | 2023-07-11 | The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the reciev… |
CVE-2023-2082 | Medium | 6.4 | 2023-07-14 | The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insuff… |
CVE-2023-2578 | Medium | 4.8 | 2023-07-10 | The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf… |
CVE-2023-25030 | Medium | 4.3 | 2024-06-12 | Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7. |