Refine your search
3 vulnerabilities found for WP Attractive Donations System - Easy Stripe & Paypal donations by loopus
CVE-2026-28115 (GCVE-0-2026-28115)
Vulnerability from cvelistv5
Published
2026-03-05 05:54
Modified
2026-04-28 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Blind SQL Injection.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| loopus | WP Attractive Donations System - Easy Stripe & Paypal donations |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T16:47:38.380603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T17:46:02.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "WP_AttractiveDonationsSystem",
"product": "WP Attractive Donations System - Easy Stripe \u0026 Paypal donations",
"vendor": "loopus",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-28T13:51:49.043Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in loopus WP Attractive Donations System - Easy Stripe \u0026 Paypal donations WP_AttractiveDonationsSystem allows Blind SQL Injection.\u003cp\u003eThis issue affects WP Attractive Donations System - Easy Stripe \u0026 Paypal donations: from n/a through \u003c= 1.25.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in loopus WP Attractive Donations System - Easy Stripe \u0026 Paypal donations WP_AttractiveDonationsSystem allows Blind SQL Injection.This issue affects WP Attractive Donations System - Easy Stripe \u0026 Paypal donations: from n/a through \u003c= 1.25."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:15:08.653Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/WP_AttractiveDonationsSystem/vulnerability/wordpress-wp-attractive-donations-system-easy-stripe-paypal-donations-plugin-1-25-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Attractive Donations System - Easy Stripe \u0026 Paypal donations plugin \u003c= 1.25 - SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-28115",
"datePublished": "2026-03-05T05:54:28.114Z",
"dateReserved": "2026-02-25T12:14:07.578Z",
"dateUpdated": "2026-04-28T17:46:02.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22715 (GCVE-0-2025-22715)
Vulnerability from cvelistv5
Published
2026-01-08 09:17
Modified
2026-04-28 16:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| loopus | WP Attractive Donations System - Easy Stripe & Paypal donations |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T18:24:33.972148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T18:24:37.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "WP_AttractiveDonationsSystem",
"product": "WP Attractive Donations System - Easy Stripe \u0026 Paypal donations",
"vendor": "loopus",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:22:39.742Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe \u0026 Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Attractive Donations System - Easy Stripe \u0026 Paypal donations: from n/a through \u003c= 1.25.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe \u0026 Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe \u0026 Paypal donations: from n/a through \u003c= 1.25."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:11:05.830Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/WP_AttractiveDonationsSystem/vulnerability/wordpress-wp-attractive-donations-system-easy-stripe-paypal-donations-plugin-1-25-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Attractive Donations System - Easy Stripe \u0026 Paypal donations plugin \u003c= 1.25 - Arbitrary Content Deletion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-22715",
"datePublished": "2026-01-08T09:17:39.620Z",
"dateReserved": "2025-01-07T21:03:35.333Z",
"dateUpdated": "2026-04-28T16:11:05.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58999 (GCVE-0-2025-58999)
Vulnerability from cvelistv5
Published
2025-12-16 08:12
Modified
2026-04-28 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| loopus | WP Attractive Donations System - Easy Stripe & Paypal donations |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:18:28.241790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T20:17:28.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "WP_AttractiveDonationsSystem",
"product": "WP Attractive Donations System - Easy Stripe \u0026 Paypal donations",
"vendor": "loopus",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bibek Dhakal | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T15:59:45.471Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe \u0026 Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery.\u003cp\u003eThis issue affects WP Attractive Donations System - Easy Stripe \u0026 Paypal donations: from n/a through \u003c= 1.25.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe \u0026 Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects WP Attractive Donations System - Easy Stripe \u0026 Paypal donations: from n/a through \u003c= 1.25."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:51.340Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/WP_AttractiveDonationsSystem/vulnerability/wordpress-wp-attractive-donations-system-easy-stripe-paypal-donations-plugin-1-25-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Attractive Donations System - Easy Stripe \u0026 Paypal donations plugin \u003c= 1.25 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58999",
"datePublished": "2025-12-16T08:12:46.564Z",
"dateReserved": "2025-09-06T04:45:29.150Z",
"dateUpdated": "2026-04-28T20:17:28.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}