Give
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-20360 | Hig | 0.49 | 7.5 | 0.02 | Jan 8, 2020 | A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta… | ||
| CVE-2025-67467 | Med | 0.35 | 5.4 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1. | ||
| CVE-2019-15317 | Med | 0.35 | 5.4 | 0.01 | Aug 22, 2019 | The give plugin before 2.4.7 for WordPress has XSS via a donor name. | ||
| CVE-2025-66533 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1. |
- risk 0.49cvss 7.5epss 0.02
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1.
- risk 0.35cvss 5.4epss 0.01
The give plugin before 2.4.7 for WordPress has XSS via a donor name.
- risk 0.34cvss 5.3epss 0.00
Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1.