Givewp

Givewp

61 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-13206

  • EPSS 0.18%
  • Veröffentlicht 19.11.2025 07:46:08
  • Zuletzt bearbeitet 26.11.2025 16:22:12

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. ...

5.3

CVE-2025-11228

  • EPSS 0.09%
  • Veröffentlicht 04.10.2025 02:24:37
  • Zuletzt bearbeitet 26.11.2025 17:04:30

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including,...

6.5

CVE-2025-11227

  • EPSS 0.12%
  • Veröffentlicht 04.10.2025 02:24:35
  • Zuletzt bearbeitet 26.11.2025 17:03:10

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 via the 'registerGetForm', 'registerGetForms', 'registerGetCampaign' and 'registerGetCampaig...

4.3

CVE-2025-7221

  • EPSS 0.03%
  • Veröffentlicht 21.08.2025 05:28:14
  • Zuletzt bearbeitet 03.12.2025 13:30:05

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function in all versions up to, and including, 4.5.0. ...

5.3

CVE-2025-8620

  • EPSS 0.06%
  • Veröffentlicht 06.08.2025 09:22:32
  • Zuletzt bearbeitet 12.08.2025 16:33:03

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and don...

5.4

CVE-2025-7205

  • EPSS 0.03%
  • Veröffentlicht 31.07.2025 07:25:00
  • Zuletzt bearbeitet 13.08.2025 19:30:16

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escapi...

5.4

CVE-2025-4571

  • EPSS 0.1%
  • Veröffentlicht 19.06.2025 06:44:48
  • Zuletzt bearbeitet 10.07.2025 00:04:02

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3...

6.5

CVE-2025-2331

  • EPSS 0.17%
  • Veröffentlicht 22.03.2025 11:18:41
  • Zuletzt bearbeitet 11.08.2025 14:17:42

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This make...

7.5

CVE-2025-2025

Medienbericht
  • EPSS 0.42%
  • Veröffentlicht 15.03.2025 12:15:12
  • Zuletzt bearbeitet 25.03.2025 19:48:15

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes...

9.8

CVE-2025-0912

  • EPSS 3.68%
  • Veröffentlicht 04.03.2025 04:15:11
  • Zuletzt bearbeitet 05.03.2025 16:39:15

The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'card_address' parameter. This makes it possible fo...