Givewp

61 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.23%
  • Published 21.02.2022 11:15:09
  • Last modified 21.11.2024 06:38:14

The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting

Exploit
  • EPSS 0.21%
  • Published 21.02.2022 11:15:08
  • Last modified 21.11.2024 05:54:21

The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting

Exploit
  • EPSS 2.41%
  • Published 21.02.2022 11:15:08
  • Last modified 21.11.2024 05:54:20

The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting

Exploit
  • EPSS 0.23%
  • Published 23.08.2021 12:15:09
  • Last modified 21.11.2024 05:53:14

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.

Exploit
  • EPSS 0.41%
  • Published 17.05.2021 17:15:08
  • Last modified 21.11.2024 05:52:49

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored X...

Exploit
  • EPSS 2.22%
  • Published 12.04.2021 14:15:15
  • Last modified 21.11.2024 05:52:36

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.

  • EPSS 6.55%
  • Published 31.08.2020 16:15:15
  • Last modified 21.11.2024 05:12:10

The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.

Exploit
  • EPSS 1.7%
  • Published 08.01.2020 06:15:12
  • Last modified 21.11.2024 04:38:18

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API k...

Exploit
  • EPSS 0.33%
  • Published 22.08.2019 13:15:13
  • Last modified 21.11.2024 04:28:26

The give plugin before 2.4.7 for WordPress has XSS via a donor name.

  • EPSS 3.04%
  • Published 15.08.2019 16:15:11
  • Last modified 21.11.2024 04:25:14

A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/paym...