Givewp

Givewp

61 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-22777

  • EPSS 0.57%
  • Veröffentlicht 13.01.2025 14:15:12
  • Zuletzt bearbeitet 04.06.2025 14:07:37

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.19.3.

9.8

CVE-2024-12877

  • EPSS 27.51%
  • Veröffentlicht 11.01.2025 08:15:26
  • Zuletzt bearbeitet 25.02.2025 15:53:19

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes i...

5.4

CVE-2023-23672

  • EPSS 0.17%
  • Veröffentlicht 02.01.2025 16:15:07
  • Zuletzt bearbeitet 25.02.2025 22:40:27

Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1.

9.8

CVE-2023-47183

  • EPSS 0.34%
  • Veröffentlicht 02.01.2025 12:15:14
  • Zuletzt bearbeitet 25.02.2025 22:39:45

Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1.

4.8

CVE-2024-11921

Exploit
  • EPSS 1.62%
  • Veröffentlicht 27.12.2024 06:15:23
  • Zuletzt bearbeitet 14.05.2025 14:43:26

The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

9.8

CVE-2024-9634

  • EPSS 20.36%
  • Veröffentlicht 16.10.2024 02:15:07
  • Zuletzt bearbeitet 27.02.2025 18:47:11

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it p...

9.8

CVE-2024-8353

  • EPSS 92.02%
  • Veröffentlicht 28.09.2024 02:15:09
  • Zuletzt bearbeitet 01.10.2024 14:31:21

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_ad...

7.2

CVE-2024-9130

  • EPSS 0.94%
  • Veröffentlicht 27.09.2024 06:15:13
  • Zuletzt bearbeitet 04.10.2024 17:18:59

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter an...

8.8

CVE-2024-47315

  • EPSS 0.08%
  • Veröffentlicht 25.09.2024 18:15:05
  • Zuletzt bearbeitet 30.09.2024 18:06:36

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1.

5.3

CVE-2024-6551

  • EPSS 0.41%
  • Veröffentlicht 29.08.2024 11:15:28
  • Zuletzt bearbeitet 04.10.2024 15:57:15

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files...