CVE-2015-10122: 
WordPress vulnerability analysis and mitigation

CVE-2015-10122 is a critical SQL injection vulnerability affecting the wp-donate WordPress plugin versions up to 1.4. The vulnerability was discovered in the includes/donate-display.php file and was publicly disclosed on July 18, 2023. The affected plugin failed to properly sanitize user input, allowing for potential SQL injection attacks (NVD).

The vulnerability exists in the donate-display.php file where user input was not properly sanitized before being used in SQL queries. The issue received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating remote exploitation with no privileges or user interaction required (NVD).

If exploited, this vulnerability could allow an unauthenticated attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized access, data theft, or manipulation of the database content (NVD).

The vulnerability was patched in version 1.5 of the wp-donate plugin. The fix involves proper sanitization of user input using WordPress's built-in query preparation functions, as evidenced in the patch commit 019114cb788d954c5d1b36d6c62418619e93a757. Users are strongly recommended to upgrade to version 1.5 or later (GitHub Commit).