Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
givewp givewp vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-13578
A SQL injection vulnerability exists in the Impress GiveWP Give plugin up to and including 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system via includes/payments/class-p...
Givewp Givewp
NA
CVE-2022-31475
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
Givewp Givewp
445
VMScore
CVE-2019-20360
A flaw in Give prior to 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta ...
Givewp Givewp
312
VMScore
CVE-2021-24315
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin prior to 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.
Givewp Givewp
312
VMScore
CVE-2019-15317
The give plugin prior to 2.4.7 for WordPress has XSS via a donor name.
Givewp Givewp
NA
CVE-2023-32513
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a up to and including 2.25.3.
Givewp Givewp
445
VMScore
CVE-2020-20627
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin up to and including 2.5.9 for WordPress allows unauthenticated settings change.
Givewp Givewp
NA
CVE-2023-25450
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.
Givewp Givewp
NA
CVE-2022-2260
The GiveWP WordPress plugin prior to 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow malicious users to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to re...
Givewp Givewp
383
VMScore
CVE-2021-25099
The GiveWP WordPress plugin prior to 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting
Givewp Givewp
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »