tldr; If you haven’t already, upgrade to Charitable 1.5.14. It resolves a security bug affecting some sites using Charitable.
Earlier this week we released Charitable 1.5.14, which fixes a security issue. We recommend all Charitable users upgrade to version 1.5.14 to fix a bug that can, in certain scenarios, allow unauthorized users to access the user and donation details of previous donations. Payment details such as credit card details were not exposed.
You can download this update via the plugin updater in WordPress, or from WordPress.org.
The issue was discovered internally late on Tuesday and we were able to get an update out by Wednesday evening local time. While we are not aware of any active attempts to exploit this bug, we have decided to be transparent in disclosing the issue to encourage all of our users to upgrade as soon as possible.
To all Charitable users: We are genuinely sorry for this security issue. We are disappointed to have let this one through, and we are committed to continuously improving Charitable in every respect.
We take all security issues very seriously at Charitable. If you believe you have found a security issue with Charitable, we ask that you contact our team directly at [email protected].