CVE-2024-47338 – WordPress WPExperts Square For GiveWP plugin <= 1.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-47338
26 Sep 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection. This issue affects WPExperts Square For GiveWP: from n/a through 1.3. The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenti... • https://patchstack.com/database/vulnerability/wpexperts-square-for-give/wordpress-wpexperts-square-for-givewp-plugin-1-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-47315 – WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-47315
25 Sep 2024 — Cross-Site Request Forgery (CSRF) vulnerability in GiveWP. This issue affects GiveWP: from n/a through 3.15.1. The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.15.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an action they should not have access to via a forged request, granted they can trick a site administrator into performing an action such as clicking on ... • https://patchstack.com/database/vulnerability/give/wordpress-givewp-donation-plugin-and-fundraising-platform-plugin-3-15-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-35679 – WordPress GiveWP plugin <= 3.12.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35679
06 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GiveWP allows Reflected XSS. This issue affects GiveWP: from n/a through 3.12.0. The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Reflected C... • https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-12-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30229 – WordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30229
28 Mar 2024 — Deserialization of Untrusted Data vulnerability in GiveWP. This issue affects GiveWP: from n/a through 3.4.2. The GiveWP plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with give manager-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/give/wordpress-give-plugin-3-4-2-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data
CVE-2024-27987 – WordPress Give plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-27987
15 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP Give allows Reflected XSS. This issue affects Give: from n/a through 3.3.1. The GiveWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3... • https://patchstack.com/database/vulnerability/give/wordpress-give-plugin-3-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-47183 – WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47183
31 Oct 2023 — Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through 2.33.1. The GiveWP plugin for WordPress is vulnerable to unauthorized donation form access due to a missing check on the handleBeforeGateway function that would ensure that a donation form can be used and is not trashed in versions up to, and including, 2.33.1. There is no real security impact, but such trashed donation forms could still rec... • https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-2-33-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-41665 – WordPress GiveWP plugin <= 2.33.0 - GiveWP Manager+ Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-41665
31 Aug 2023 — Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation. This issue affects GiveWP: from n/a through 2.33.0. The Give - Donation Plugin plugin for WordPress is vulnerable to privilege escalation due to an insufficient capability check when updating default roles in versions up to, and including, 2.33.0. This makes it possible for... • https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-33-0-givewp-manager-privilege-escalation-vulnerability?_s_id=cve • CWE-20: Improper Input Validation • CWE-269: Improper Privilege Management
CVE-2022-40211 – WordPress GiveWP plugin <= 2.25.1 - Cross Site Scripting (XSS) via render_dropdown vulnerability
https://notcve.org/view.php?id=CVE-2022-40211
10 Mar 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1. The GiveWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.25.1 due ... • https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-cross-site-scripting-xss-via-render-dropdown-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23672 – WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability
https://notcve.org/view.php?id=CVE-2023-23672
10 Mar 2023 — Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP. This issue affects GiveWP: from n/a through 2.25.1. The GiveWP plugin for WordPress is vulnerable to Improper Authorization in versions up to, and including, 2.25.1. This makes it possible for authenticated attackers with contributor-level permissions to delete content from a vulnerable site. • https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-2-25-1-arbitrary-content-deletion-vulnerability?_s_id=cve • CWE-285: Improper Authorization • CWE-862: Missing Authorization