VYPR

Givewp

by WordPress

Source repositories

CVEs (56)

  • CVE-2025-2331MedMar 22, 2025
    risk 0.34cvss 5.3epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it possible for…

  • CVE-2023-47183MedJan 2, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 2.33.1.

  • CVE-2024-6551MedAug 29, 2024
    risk 0.34cvss 5.3epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible…

  • CVE-2024-11921MedDec 27, 2024
    risk 0.31cvss 4.8epss 0.01

    The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2023-22719MedNov 7, 2023
    risk 0.31cvss 4.7epss 0.01

    Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1.

  • CVE-2022-2215MedAug 1, 2022
    risk 0.31cvss 4.8epss 0.00

    The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2021-24524MedAug 23, 2021
    risk 0.31cvss 4.8epss 0.01

    The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.

  • CVE-2025-4571MedJun 19, 2025
    risk 0.28cvss 5.4epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible…

  • CVE-2024-5941MedAug 20, 2024
    risk 0.28cvss 5.4epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.14.1. This makes it possible for…

  • CVE-2024-5977MedJul 19, 2024
    risk 0.28cvss 5.4epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible…

  • CVE-2023-4246MedJan 11, 2024
    risk 0.28cvss 4.3epss 0.00

    The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to…

  • CVE-2022-2117MedJul 18, 2022
    risk 0.28cvss 5.3epss 0.01

    The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This…

  • CVE-2025-8620MedAug 6, 2025
    risk 0.27cvss 5.3epss 0.01

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a…

  • CVE-2024-5939MedAug 20, 2024
    risk 0.27cvss 5.3epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated…

  • CVE-2025-7221MedAug 21, 2025
    risk 0.21cvss 4.3epss 0.00

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function in all versions up to, and including, 4.5.0. This makes it possible for…

  • CVE-2019-13578CriAug 15, 2019
    risk 0.00cvss 9.8epss 0.03

    A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.

Page 3 of 3