Givewp

Givewp

61 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-5941

  • EPSS 0.18%
  • Veröffentlicht 20.08.2024 02:15:05
  • Zuletzt bearbeitet 26.08.2024 18:14:39

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.14.1. This...

5.3

CVE-2024-5940

  • EPSS 0.25%
  • Veröffentlicht 20.08.2024 02:15:04
  • Zuletzt bearbeitet 26.08.2024 18:14:14

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. This makes ...

5.3

CVE-2024-5939

  • EPSS 0.44%
  • Veröffentlicht 20.08.2024 02:15:04
  • Zuletzt bearbeitet 26.08.2024 18:12:14

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0. This makes it possi...

9.8

CVE-2024-5932

  • EPSS 94.2%
  • Veröffentlicht 20.08.2024 02:15:04
  • Zuletzt bearbeitet 26.08.2024 18:34:13

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possib...

9.8

CVE-2024-37099

  • EPSS 0.19%
  • Veröffentlicht 19.08.2024 17:15:07
  • Zuletzt bearbeitet 28.02.2025 22:37:56

Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1.

5.4

CVE-2024-5977

  • EPSS 0.11%
  • Veröffentlicht 19.07.2024 11:15:03
  • Zuletzt bearbeitet 21.11.2024 09:48:40

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled ...

6.1

CVE-2024-35679

  • EPSS 0.28%
  • Veröffentlicht 08.06.2024 15:15:50
  • Zuletzt bearbeitet 21.11.2024 09:20:38

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GiveWP allows Reflected XSS.This issue affects GiveWP: from n/a through 3.12.0.

5.4

CVE-2024-3714

  • EPSS 0.24%
  • Veröffentlicht 18.05.2024 05:15:46
  • Zuletzt bearbeitet 05.03.2025 18:25:53

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficie...

8.8

CVE-2023-41665

  • EPSS 0.32%
  • Veröffentlicht 17.05.2024 07:15:59
  • Zuletzt bearbeitet 10.04.2025 19:54:31

Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0.

5.4

CVE-2024-1957

  • EPSS 0.17%
  • Veröffentlicht 13.04.2024 02:15:06
  • Zuletzt bearbeitet 27.02.2025 14:54:18

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and outp...