PT-2023-12488 · WordPress · Doneren Met Mollie

Jerome Bruandet · Published 2023-06-07 · Updated 2023-06-13 · CVE-2021-4377

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Doneren met Mollie plugin for WordPress, versions up to and including 2.8.5.

Description
Sensitive Data Exposure caused by a missing capability check. The dmm_export_donations() function is registered on the admin_post_dmm_export hook, and admin_post_{action} handlers in WordPress run for any logged-in user, not only administrators. Because the function never verifies that the caller is allowed to export donations, an authenticated attacker with a low-privileged account (PR:L in the vector) can trigger the export and download a CSV file containing sensitive donor information.

Recommendations
Update to a fixed release (a version later than 2.8.5 that adds the capability check to dmm_export_donations()). As a temporary workaround until the update is applied, restrict the admin_post_dmm_export action to administrators, for example by rejecting any caller who lacks the manage_options capability before the plugin's handler runs.
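To make the bug class in the description concrete, and to show both the proper fix and the kind of interim guard the recommendation refers to, here is an added example written for this page. It is not the Doneren met Mollie plugin's code: the hook name admin_post_dmm_export and the function name dmm_export_donations follow the advisory, while the table name, column names and the manage_options capability are assumptions.

```php
<?php
/**
 * Example code for this advisory, NOT the plugin's own source.
 * Demonstrates a missing capability check on an admin_post_{action}
 * handler, the hardened form, and a site-side interim guard.
 *
 * Assumptions (not from the advisory): donations live in the table
 * {$wpdb->prefix}dmm_donations with columns name, email, amount, and
 * administrators are identified by the manage_options capability.
 */

// --- Vulnerable pattern --------------------------------------------------
// admin_post_{action} fires for ANY authenticated user who requests
// wp-admin/admin-post.php?action=dmm_export. With no capability check the
// export runs for a low-privileged account too (PR:L / C:H in the vector).
function dmm_export_donations_vulnerable() {
    global $wpdb;
    $rows = $wpdb->get_results(
        "SELECT name, email, amount FROM {$wpdb->prefix}dmm_donations",
        ARRAY_A
    );
    dmm_send_csv( $rows );
}
// add_action( 'admin_post_dmm_export', 'dmm_export_donations_vulnerable' ); // do not register this

// --- Hardened pattern -----------------------------------------------------
function dmm_export_donations_fixed() {
    // 1. Authorization: only users who may manage the site get donor data.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to export donations.', 'dmm' ), 403 );
    }
    // 2. CSRF: the export link must carry a nonce created with
    //    wp_nonce_url( admin_url( 'admin-post.php?action=dmm_export' ), 'dmm_export' ).
    check_admin_referer( 'dmm_export' );

    global $wpdb;
    $rows = $wpdb->get_results(
        "SELECT name, email, amount FROM {$wpdb->prefix}dmm_donations",
        ARRAY_A
    );
    dmm_send_csv( $rows );
}
add_action( 'admin_post_dmm_export', 'dmm_export_donations_fixed' );

// Shared CSV writer; sends the rows as a download and ends the request.
function dmm_send_csv( array $rows ) {
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="donations.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'name', 'email', 'amount' ) );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row );
    }
    fclose( $out );
    exit;
}

// --- Interim guard (site owner side, e.g. wp-content/mu-plugins/dmm-guard.php) ---
// Registered at priority 0, so it runs before a handler added at the default
// priority 10 and stops the request for anyone who is not an administrator.
// Assumes the plugin registers its own handler at the default priority.
add_action( 'admin_post_dmm_export', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Forbidden', 'dmm' ), 403 );
    }
}, 0 );
```

The capability check is the actual fix; the nonce check is the usual companion so that an administrator cannot be tricked into triggering the export from a third-party page. The mu-plugin guard only buys time: it depends on the plugin keeping the hook name and default priority, so remove it once the updated plugin version is installed.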

Weakness Enumeration
Information Disclosure

Related Identifiers
CVE-2021-4377

Affected Products
Doneren Met Mollie