Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
givewp givewp vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-25099
The GiveWP WordPress plugin prior to 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting
Givewp Givewp
6.1
CVSSv3
CVE-2021-25100
The GiveWP WordPress plugin prior to 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting
Givewp Givewp
8.8
CVSSv3
CVE-2023-25450
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.
Givewp Givewp
6.5
CVSSv3
CVE-2022-40312
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a up to and including 2.25.1.
Givewp Givewp
6.1
CVSSv3
CVE-2021-24213
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin prior to 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.
Givewp Givewp
5.4
CVSSv3
CVE-2023-23668
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.
Givewp Givewp
6.1
CVSSv3
CVE-2019-9909
The "Donation Plugin and Fundraising Platform" plugin prior to 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
Givewp Givewp
NA
CVE-2022-40211
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a up to and including 2.25.1.
NA
CVE-2024-30229
Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a up to and including 3.4.2.
NA
CVE-2024-27987
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP Give allows Reflected XSS.This issue affects Give: from n/a up to and including 3.3.1.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »