CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24524 – GiveWP < 2.12.0 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24524
26 Jul 2021 — The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. El plugin GiveWP - Donation Plugin and Fundraising Platform WordPress versiones anteriores a 2.12.0, no escapaba la configuración del Nivel de Donación de sus Formularios de Donación, permitiendo a usuarios con altos privilegios usar cargas útiles de tipo Cross-Site Scripting en ellos. • https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24315 – Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24315
30 Apr 2021 — The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues. El plugin de WordPress GiveWP – Donation Plugin and Fundraising Platform versiones anteriores a 2.10.4, no sanea ni escapa del campo Background Image de su Stripe Checkout Setting y el campo Logo en su configuración de correo electrónico, conllevand... • https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24213 – GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24213
23 Mar 2021 — The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page. El plugin GiveWP - Donation Plugin and Fundraising Platform WordPress versiones anteriores a 2.10.0, estuvo afectado por una vulnerabilidad de tipo Cross-Site Scripting reflejado dentro del panel de administración, por medio del parámetro GET "s" en la página Donors WordPress GiveW... • https://bentl.ee/posts/cve-givewp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-20627 – GiveWP <= 2.5.9 - Missing Authorization to Settings Update
https://notcve.org/view.php?id=CVE-2020-20627
30 Oct 2019 — The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. El archivo includes/gateways/stripe/includes/admin/admin-actions.php en el plugin GiveWP versiones hasta 2.5.9 para WordPress, permite cambios de configuración no autenticados • https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-wordpress-givewp-plugin • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20360 – GiveWP <= 2.5.4 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2019-20360
26 Sep 2019 — A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data. Un Fallo en Give versiones an... • https://wpvulndb.com/vulnerabilities/9889 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13578 – GiveWP - Donation Plugin and Fundraising Platform <= 2.5.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-13578
12 Aug 2019 — A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. Se presenta una vulnerabilidad de inyección SQL en el plugin Impress GiveWP Give versiones hasta 2.5.0 para WordPress. La explotación con éxito de esta vulnerabilidad permitiría a un atacante remoto ejecutar comandos SQL arbitrario... • https://fortiguard.com/zeroday/FG-VD-19-098 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15317 – GiveWP <= 2.4.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15317
15 May 2019 — The give plugin before 2.4.7 for WordPress has XSS via a donor name. El plugin give versiones anteriores a 2.4.7 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de un nombre de donante. • https://blog.sucuri.net/2019/05/wordpress-plugin-give-stored-xss-for-donors.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9909 – GiveWP <= 2.3.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9909
05 Feb 2019 — The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. El plugin Donation Plugin and Fundraising Platform en versiones anteriores a la 2.3.1 para WordPress tiene Cross-Site Scripting (XSS) en csv en wp-admin/edit.php. WordPress Give plugin version 2.3.0 suffers from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2019/Mar/38 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •