Medium severity5.3NVD Advisory· Published Jul 18, 2022· Updated Apr 8, 2026

CVE-2022-2117

Description

The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.

Affected products

Givewp/Givewp
cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*
Range: <=2.20.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.phpnvdThird Party Advisory
www.wordfence.com/vulnerability-advisories/nvdThird Party Advisory
www.wordfence.com/threat-intel/vulnerabilities/id/addae413-1fc5-427f-a5ef-3da705cbeb5bnvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000