Vulnerabilities

CVE-2022-4004

by Fred · 12/12/2022

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin’s Twilio integration to send SMSes to arbitrary phone numbers.

Date published : 2022-12-12

https://wpscan.com/vulnerability/6a3bcfb3-3ede-459d-969f-b7b30dafd098

Similar

Tags: Cybersecurity Alert