WordPress Sites Under Attack Via The Total Donations Plugin (Cybers Guards)

In the past week, security researchers from Defiant, the company behind the WordFence plugin for WordPress, have observed attacks exploiting a zero-day in Total Donations, a commercial plugin that site owners have bought from CodeCanyon in recent years and used to collect and manage donations from their respective user bases. The Total Donations zero-day received the identifier CVE-2019-6703 and affects all versions of the plugin.

According to Defiant researcher Mikey Veenstra, the plugin's code contains several design flaws which inherently expose both the plugin and the WordPress site to external manipulation, even by unauthenticated users. Veenstra wrote in a security alert published on Friday that the plugin contains an AJAX endpoint that can be queried by an unauthenticated remote attacker. This AJAX endpoint allows an attacker to change the values of core settings of any affected WordPress site, change the plugin's own settings, modify the destination account for donations collected via the plugin, and even retrieve Mailchimp mailing lists (a side feature the plugin supports).

The AJAX endpoint is located in one of the plugin's files, which means that disabling the plugin does not remove the threat: a deactivated plugin's files remain on disk under wp-content/plugins and are still served by the web server, so attackers can simply request that file directly without going through WordPress's plugin hooks. Only removing the plugin in its entirety protects sites from exploitation, so site owners should confirm that no copy of the plugin directory remains on the server rather than relying on the "Deactivate" button.

Defiant said that every effort to contact the plugin's developer was unsuccessful. The developer's site appears to have gone static around May 2018, and the plugin's CodeCanyon product listing was deactivated around the same time, after numerous users reported that they had not received plugin updates for various bugs.

The plugin is not expected to have a large user base because it is a commercial offering. However, it is still most likely installed on active sites with large user bases, which could afford a commercial plugin in the first place and which are also high-value targets for hackers. Defiant said it would keep tracking the ongoing attacks for any notable activity.
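The pattern described above, an AJAX handler reachable by unauthenticated visitors that performs privileged writes, is a generic WordPress anti-pattern. The following is an added illustration written for this article; it is not code from the Total Donations plugin and does not reproduce its actual endpoint, file names or option names. The `example_` action, option and function names are assumptions chosen for the illustration. It shows the vulnerable shape next to a hardened handler that adds the three controls the advisory's endpoint lacks (an authenticated-only hook, a nonce check, and a capability check), plus a whitelist so the caller cannot pick which option to overwrite, and a direct-access guard so the file does nothing when requested by URL outside WordPress.

```php
<?php
/*
 * Illustrative only: NOT the Total Donations plugin's code.
 * Hypothetical names: every 'example_' action, option and function below is an assumption.
 */

// Guard against direct file access. A file under wp-content/plugins/ that does
// work at top level can otherwise be requested by URL whether or not the plugin
// is active, which is exactly why "deactivate" is not a fix for that class of bug.
defined( 'ABSPATH' ) || exit;

/* ---------- Vulnerable pattern ---------- */

// wp_ajax_nopriv_* fires for visitors who are NOT logged in. The handler performs
// a privileged write with no capability check, no nonce and no input validation,
// so any remote caller can set arbitrary keys in wp_options (site URL, default
// role, the plugin's own payout destination, ...).
add_action( 'wp_ajax_nopriv_example_save_settings', 'example_save_settings_vulnerable' );
add_action( 'wp_ajax_example_save_settings',        'example_save_settings_vulnerable' );

function example_save_settings_vulnerable() {
    update_option( $_POST['option_name'], $_POST['option_value'] );
    wp_send_json_success();
}

/* ---------- Hardened pattern ---------- */

// 1. Registered only on the authenticated hook: no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_example_save_settings_secure', 'example_save_settings_secure' );

function example_save_settings_secure() {
    // 2. CSRF protection: the request must carry a nonce minted for this action.
    //    check_ajax_referer() terminates the request with -1 / 403 on failure.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 3. Authorization: being logged in is not enough; require the capability
    //    that WordPress itself uses for changing site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 4. Never let the caller choose the option key. Whitelist the settings this
    //    plugin owns so core options such as siteurl cannot be overwritten.
    $allowed = array( 'example_donation_currency', 'example_donation_destination' );

    $name  = isset( $_POST['option_name'] )  ? sanitize_key( wp_unslash( $_POST['option_name'] ) )         : '';
    $value = isset( $_POST['option_value'] ) ? sanitize_text_field( wp_unslash( $_POST['option_value'] ) ) : '';

    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( 'unknown setting', 400 );
    }

    update_option( $name, $value );
    wp_send_json_success( array( 'saved' => $name ) );
}

// The nonce is generated server-side and handed to the admin page's JavaScript,
// so only a page the legitimate administrator actually loaded can call the endpoint.
function example_enqueue_admin_script( $hook ) {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_settings' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );
```

When reviewing a third-party plugin for this class of issue, grep its source for `wp_ajax_nopriv_` registrations and for PHP files that run code at top level without an `ABSPATH` guard; either one means a request path exists that does not depend on a logged-in user, and the second one means it does not even depend on the plugin being active.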
