VYPR

Givewp

by WordPress

Source repositories

CVEs (56)

  • CVE-2022-0252MedFeb 21, 2022
    risk 0.40cvss 6.1epss 0.01

    The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting

  • CVE-2021-25100MedFeb 21, 2022
    risk 0.40cvss 6.1epss 0.01

    The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting

  • CVE-2021-25099MedFeb 21, 2022
    risk 0.40cvss 6.1epss 0.02

    The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting

  • CVE-2021-24213MedApr 12, 2021
    risk 0.40cvss 6.1epss 0.01

    The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.

  • CVE-2022-40211MedApr 12, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1.

  • CVE-2022-40312MedDec 18, 2023
    risk 0.36cvss 5.5epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.

  • CVE-2022-31475MedJul 21, 2022
    risk 0.36cvss 5.5epss 0.01

    Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

  • CVE-2025-7205MedJul 31, 2025
    risk 0.35cvss 5.4epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2025-2025MedMar 15, 2025
    risk 0.35cvss 6.5epss 0.01

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes it possible for…

  • CVE-2023-23672MedJan 2, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1.

  • CVE-2024-47315MedSep 25, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.15.1.

  • CVE-2024-5940MedAug 20, 2024
    risk 0.35cvss 6.5epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. This makes it possible for…

  • CVE-2024-3714MedMay 18, 2024
    risk 0.35cvss 6.4epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and…

  • CVE-2024-1957MedApr 13, 2024
    risk 0.35cvss 6.4epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user…

  • CVE-2023-4248MedJan 11, 2024
    risk 0.35cvss 5.4epss 0.00

    The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possible for unauthenticated…

  • CVE-2023-4247MedJan 11, 2024
    risk 0.35cvss 5.4epss 0.00

    The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthenticated attackers to deactivate…

  • CVE-2023-25450MedJun 15, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.

  • CVE-2022-4448MedFeb 13, 2023
    risk 0.35cvss 5.4epss 0.01

    The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting…

  • CVE-2020-20627MedAug 31, 2020
    risk 0.35cvss 5.3epss 0.02

    The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.

  • CVE-2025-11228MedOct 4, 2025
    risk 0.34cvss 5.3epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it…