CVE-2021-24572

Name of the Vulnerable Software and Affected Versions Accept Donations with PayPal WordPress plugin versions prior to 1.3.1

Description The issue arises from the lack of CSRF protection when deleting donation buttons, which are stored as posts. This allows an attacker to trick logged-in admins into deleting arbitrary posts, as there is no check to verify if the deleted post was a button post.

Recommendations For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the post deletion functionality to minimize the risk of exploitation.