The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks
El complemento de WordPress GiveWP anterior a 2.24.1 no escapa correctamente a la entrada del usuario antes de llegar a las consultas SQL, lo que podría permitir a atacantes no autenticados realizar ataques de inyección SQL.
The GiveWP plugin for WordPress is vulnerable to SQL Injection versions up to, and including, 2.23.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
