CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9634 – GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9634
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution. • https://plugins.trac.wordpress.org/browser/give/tags/3.16.2/src/Donations/Repositories/DonationRepository.php?rev=3157829 https://plugins.trac.wordpress.org/changeset/3166836/give/tags/3.16.4/includes/process-donation.php https://www.wordfence.com/threat-intel/vulnerabilities/id/b8eb3aa9-fe60-48b6-aa24-7873dd68b47e?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-8353 – GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-8353
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered the the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2. • https://github.com/maybeheisenberg/CVE-2024-8353 https://github.com/EQSTLab/CVE-2024-8353 https://plugins.trac.wordpress.org/browser/give/tags/3.16.0/includes/process-donation.php#L154 https://plugins.trac.wordpress.org/changeset/3149290/give/tags/3.16.1/includes/admin/admin-actions.php https://plugins.trac.wordpress.org/changeset/3149290/give/tags/3.16.1/includes/process-donation.php https://plugins.trac.wordpress.org/changeset/3149290/give/tags/3.16.1/src/Helpers/Utils.php https:& • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9130 – GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter
https://notcve.org/view.php?id=CVE-2024-9130
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with GiveWP Manager-level access and above, to append additional SQL queries into already existing queries within the Legacy View mode, that can be used to extract sensitive information from the database. • https://givewp.com/documentation/core/give-user-roles https://plugins.trac.wordpress.org/browser/give/tags/3.16.1/includes/donors/class-give-donors-query.php#L453 https://plugins.trac.wordpress.org/changeset/3157829 https://plugins.trac.wordpress.org/changeset/3157829/give/trunk/includes/donors/class-give-donors-query.php https://wordpress.org/plugins/give/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/4a3cae01-620d-405e-baf6-2d66a5b429b3?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6551 – GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2024-6551
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/give/tags/3.15.1/vendor/vendor-prefixed/symfony/http-foundation/Tests/Fixtures/response-functional/common.inc#L23 https://www.wordfence.com/threat-intel/vulnerabilities/id/2a13ce09-b312-4186-b0e2-63065c47f15d?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 3CVE-2024-5932 – GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-5932
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files. The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution. • https://github.com/EQSTLab/CVE-2024-5932?tab=readme-ov-file https://github.com/0xb0mb3r/CVE-2024-5932-PoC https://github.com/EQSTLab/CVE-2024-5932 https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/includes/login-register.php#L235 https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/includes/process-donation.php#L420 https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/src/DonorDashboards/Tabs/EditProfileTab/AvatarRoute.php#L51 https://plugins.trac.wordpress&# • CWE-502: Deserialization of Untrusted Data •