What the vulnerability does
01Description
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
Explanation of Vulnerability in Simple Terms
02Summary
WP Attractive Donations System versions up to 1.25 lack proper authorization checks, allowing unauthenticated attackers to disrupt the donation service. An attacker can send requests over the network without authentication to trigger a denial-of-service condition. Site administrators should update to a version newer than 1.25 to restore availability.
What an attacker can do
03Attacker Capabilities
Make the donation system unavailable to legitimate users without needing to log in.
Potential impact on your site
04Site Impact
Donors cannot complete donations; the plugin becomes unusable until the attack stops or the site is patched.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
January 8, 2026
CVE published
April 28, 2026
Record updated