Givewp Donation Plugin And Fundraising Platform vulnerabilities
6 known vulnerabilities affecting givewp/givewp_donation_plugin_and_fundraising_platform.
Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-32513P3CRITICALCVSS 9.8≥ n/a, ≤ 2.25.32023-12-28
CVE-2023-32513 [CRITICAL] CWE-502 CVE-2023-32513: Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising P
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3.
nvd
CVE-2021-24213P3MEDIUMCVSS 6.1PoC≥ 2.4.0, < 2.4.0*≥ 2.10.0, < 2.10.02021-04-12
CVE-2021-24213 [MEDIUM] CWE-79 CVE-2021-24213: The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.
nvd
CVE-2022-40312P3MEDIUMCVSS 6.5≥ n/a, ≤ 2.25.12023-12-18
CVE-2022-40312 [MEDIUM] CWE-918 CVE-2022-40312: Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.
nvd
CVE-2023-25450P4HIGHCVSS 8.8≥ n/a, ≤ 2.25.12023-06-15
CVE-2023-25450 [HIGH] CWE-352 CVE-2023-25450: Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising P
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.
nvd
CVE-2023-51415P4MEDIUMCVSS 5.4≥ n/a, ≤ 3.2.22024-02-10
CVE-2023-51415 [MEDIUM] CWE-79 CVE-2023-51415: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2.
nvd
CVE-2021-24315P4MEDIUMCVSS 4.8≥ 2.10.4, < 2.10.42021-05-17
CVE-2021-24315 [MEDIUM] CWE-79 CVE-2021-24315: The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitis
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.
nvd