CVE-2019-6703

Name of the Vulnerable Software and Affected Versions Calmar Webmedia Total Donations plugin versions through 2.0.5

Description The issue allows unauthenticated attackers to update arbitrary WordPress option values, potentially leading to site takeover. Attackers can send requests to "wp-admin/admin-ajax.php" to call the miglaA update me action, changing arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.

Recommendations For Calmar Webmedia Total Donations plugin versions through 2.0.5, update to a version later than 2.0.5 to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin-ajax.php" endpoint or disabling the miglaA update me action to minimize the risk of exploitation.