Givewp

Givewp

61 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2022-40211

  • EPSS 0.06%
  • Veröffentlicht 12.04.2024 13:15:14
  • Zuletzt bearbeitet 27.02.2025 14:54:18

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1.

5.4

CVE-2024-1424

  • EPSS 0.13%
  • Veröffentlicht 09.04.2024 19:15:17
  • Zuletzt bearbeitet 27.02.2025 14:53:37

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escapi...

7.2

CVE-2024-30229

  • EPSS 0.61%
  • Veröffentlicht 28.03.2024 05:15:51
  • Zuletzt bearbeitet 25.02.2025 14:24:44

Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2.

6.1

CVE-2024-27987

  • EPSS 0.08%
  • Veröffentlicht 15.03.2024 11:15:09
  • Zuletzt bearbeitet 25.02.2025 14:21:17

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP Give allows Reflected XSS.This issue affects Give: from n/a through 3.3.1.

5.4

CVE-2023-51415

  • EPSS 0.07%
  • Veröffentlicht 10.02.2024 09:15:07
  • Zuletzt bearbeitet 21.11.2024 08:38:04

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP – Donation Plugin and Fundraising Platform: fro...

9.8

CVE-2023-0224

Exploit
  • EPSS 1.16%
  • Veröffentlicht 16.01.2024 16:15:10
  • Zuletzt bearbeitet 13.06.2025 16:15:24

The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks

4.3

CVE-2023-4248

  • EPSS 0.09%
  • Veröffentlicht 11.01.2024 09:15:46
  • Zuletzt bearbeitet 03.06.2025 14:15:32

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it po...

5.4

CVE-2023-4247

  • EPSS 0.08%
  • Veröffentlicht 11.01.2024 09:15:46
  • Zuletzt bearbeitet 21.11.2024 08:34:42

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthentica...

4.3

CVE-2023-4246

  • EPSS 0.32%
  • Veröffentlicht 11.01.2024 09:15:46
  • Zuletzt bearbeitet 21.11.2024 08:34:42

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for ...

9.8

CVE-2023-32513

  • EPSS 0.3%
  • Veröffentlicht 28.12.2023 11:15:08
  • Zuletzt bearbeitet 21.11.2024 08:03:30

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3.