CVE-2022-2117
Published 2022-07-18
Priority P4 · 29 · medium · CVSS 3.1: 5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.91% (55.4th percentile)
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| givewp | givewp | <= 2.20.2 | — |
| stellarwp | givewp_donation_plugin_and_fundraising_platform | <= 2.20.2 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
GHSA-3r5r-hrfx-93qm · ghsa_unreviewed · 2022-07-19
CVE-2022-2117 [MEDIUM] CWE-200: The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.
Red Hat
CVE-2022-2738 [HIGH] CWE-416 · vendor_redhat · 2022-08-19 · CVSS 7.5
podman: Security regression of CVE-2020-8945 due to source code management issue
The version of podman as released for Red Hat Enterprise Linux 7 Extras via the RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/addae413-1fc5-427f-a5ef-3da705cbeb5b?source=cve
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117