Givewp
by Givewp
Source repositories
CVEs (45)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5941 | 0.00 | — | 0.00 | Aug 20, 2024 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.14.1. This makes it possible for… | |||
| CVE-2024-37099 | 0.00 | — | 0.01 | Aug 19, 2024 | Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1. | |||
| CVE-2024-5977 | 0.00 | — | 0.00 | Jul 19, 2024 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible… | |||
| CVE-2023-41665 | 0.00 | — | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0. | |||
| CVE-2023-23668 | 0.00 | — | 0.00 | May 8, 2023 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions. |
- CVE-2024-5941Aug 20, 2024risk 0.00cvss —epss 0.00
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.14.1. This makes it possible for…
- CVE-2024-37099Aug 19, 2024risk 0.00cvss —epss 0.01
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1.
- CVE-2024-5977Jul 19, 2024risk 0.00cvss —epss 0.00
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible…
- CVE-2023-41665May 17, 2024risk 0.00cvss —epss 0.01
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0.
- CVE-2023-23668May 8, 2023risk 0.00cvss —epss 0.00
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.
Page 3 of 3