Vulnerabilities In The WordPress Total Donations Plugin

The Wordfence Threat Intelligence team recently identified multiple critical vulnerabilities in the commercial Total Donations plugin for WordPress. These vulnerabilities, present in all known versions of the plugin up to and including 2.0.5, are being exploited by malicious actors to gain administrative access to affected WordPress sites. They have reserved CVE-2019-6703 to track and reference these vulnerabilities collectively.

This plugin reached just over 2,500 sales before it was disabled from the CodeCanyon marketplace

We recomend that site owners using the Total Donations plugin delete (not just deactivate) this plugin as soon as possible to secure their sites.

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: