
CVE-2019-15317 – GiveWP <= 2.4.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15317
15 May 2019 — The give plugin before 2.4.7 for WordPress has XSS via a donor name. El plugin give versiones anteriores a 2.4.7 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de un nombre de donante. • https://blog.sucuri.net/2019/05/wordpress-plugin-give-stored-xss-for-donors.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-9909 – GiveWP <= 2.3.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9909
05 Feb 2019 — The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. El plugin Donation Plugin and Fundraising Platform en versiones anteriores a la 2.3.1 para WordPress tiene Cross-Site Scripting (XSS) en csv en wp-admin/edit.php. WordPress Give plugin version 2.3.0 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/151551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •