Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
givewp givewp vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-25099
The GiveWP WordPress plugin prior to 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting
Givewp Givewp
6.1
CVSSv3
CVE-2021-25100
The GiveWP WordPress plugin prior to 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting
Givewp Givewp
6.1
CVSSv3
CVE-2021-24213
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin prior to 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.
Givewp Givewp
5.4
CVSSv3
CVE-2019-15317
The give plugin prior to 2.4.7 for WordPress has XSS via a donor name.
Givewp Givewp
4.8
CVSSv3
CVE-2021-24315
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin prior to 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.
Givewp Givewp
5.3
CVSSv3
CVE-2020-20627
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin up to and including 2.5.9 for WordPress allows unauthenticated settings change.
Givewp Givewp
9.8
CVSSv3
CVE-2019-13578
A SQL injection vulnerability exists in the Impress GiveWP Give plugin up to and including 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system via includes/payments/class-p...
Givewp Givewp
NA
CVE-2023-41665
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a up to and including 2.33.0.
NA
CVE-2022-40211
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a up to and including 2.25.1.
NA
CVE-2024-30229
Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a up to and including 3.4.2.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »