Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
givewp givewp vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-0224
The GiveWP WordPress plugin prior to 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks
Givewp Givewp
9.8
CVSSv3
CVE-2023-32513
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a up to and including 2.25.3.
Givewp Givewp
9.8
CVSSv3
CVE-2023-22719
Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a up to and including 2.25.1.
Givewp Givewp
9.8
CVSSv3
CVE-2019-13578
A SQL injection vulnerability exists in the Impress GiveWP Give plugin up to and including 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system via includes/payments/class-p...
Givewp Givewp
8.8
CVSSv3
CVE-2023-25450
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.
Givewp Givewp
7.5
CVSSv3
CVE-2019-20360
A flaw in Give prior to 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta ...
Givewp Givewp
7.2
CVSSv3
CVE-2022-28700
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
Givewp Givewp
6.5
CVSSv3
CVE-2022-40312
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a up to and including 2.25.1.
Givewp Givewp
6.5
CVSSv3
CVE-2022-2260
The GiveWP WordPress plugin prior to 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow malicious users to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to re...
Givewp Givewp
6.1
CVSSv3
CVE-2021-25099
The GiveWP WordPress plugin prior to 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting
Givewp Givewp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »