Browse all 3 CVE security advisories affecting buymeacoffee. AI-powered Chinese analysis, POCs, and references for each vulnerability.
BuyMeACoffee operates as a platform enabling creators to accept monetary support from fans through one-time donations or subscriptions. Historically, the platform has been susceptible to cross-site scripting (XSS) vulnerabilities, which could allow attackers to inject malicious scripts into user browsers. Remote code execution (RCE) vulnerabilities have also been identified, potentially enabling unauthorized system access. While no major public security incidents have been widely reported, the platform maintains three CVE records, primarily reflecting these common web vulnerability classes. Security researchers have noted that the platform's open nature and third-party integrations may introduce additional attack surfaces, requiring ongoing vigilance in input validation and access controls to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-2082 | Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Buy Me a Coffee – Button and Widget PluginCWE-79 | 6.4 | Medium | 2023-07-14 |
| CVE-2023-2078 | Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Missing Authorization — Buy Me a Coffee – Button and Widget PluginCWE-862 | 7.3 | High | 2023-07-11 |
| CVE-2023-2079 | Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery — Buy Me a Coffee – Button and Widget PluginCWE-352 | 7.1 | High | 2023-07-11 |
This page lists every published CVE security advisory associated with buymeacoffee. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.