CVE-2022-29433 MEDIUM

CVE-2022-29433: https://patchstack.com/database/vulnerability/nd-donations/wordpress-donations-plugin-1-8-authenticated-stored-cross-site-scripting-xss-vulnerability

Vendor Nicdark
Product Donations (WordPress plugin)
Weakness CWE-79 · XSS
Published May 13, 2022
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

4.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress.

Key dates

02Disclosure timeline

May 13, 2022 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-54393 MISP Overmind theme stored XSS via unvalidated homepage setting CVE-2024-37174 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) CVE-2023-30491 WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS) CVE-2025-66312 Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]` CVE-2024-1572 WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode