CVE-2024-12877

9.8 CRITICAL

📋 TL;DR

This vulnerability in the GiveWP WordPress plugin allows unauthenticated attackers to perform PHP object injection via donation form fields, leading to arbitrary file deletion and potential remote code execution. All WordPress sites using GiveWP versions up to 3.19.2 are affected, with partial fixes in 3.19.3 and full remediation in 3.19.4.

💻 Affected Systems

Products:
  • GiveWP – Donation Plugin and Fundraising Platform for WordPress
Versions: All versions up to and including 3.19.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Version 3.19.3 contains a partial patch; version 3.19.4 contains the complete fix.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete server compromise, data theft, and website defacement.

🟠 Likely Case: Arbitrary file deletion causing website disruption and potential data loss.

🟢 If Mitigated: Limited impact if proper input validation and file permissions are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a POP chain for RCE, but file deletion is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.19.4

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3212723/give/tags/3.19.3/src/Helpers/Utils.php

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find GiveWP and click 'Update Now'.
4. Verify the version is 3.19.4 or higher.

🔧 Temporary Workarounds

Disable GiveWP Plugin (all platforms)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate give

Restrict Access to Donation Forms (all platforms)

Use a web application firewall to block suspicious POST requests to donation endpoints.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all form fields
  • Apply principle of least privilege to file system permissions

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for GiveWP version number.

Check Version:

wp plugin list --name=give --field=version

Verify Fix Applied:

Confirm GiveWP version is 3.19.4 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-json/give/ endpoints with serialized data in parameters
  • Unexpected file deletion events on the web server (for example from file integrity monitoring or audit logs)

Network Indicators:

  • HTTP requests containing serialized PHP objects in donation form submissions

SIEM Query:

source="web_server" AND (uri_path="/wp-json/give/*" AND method="POST" AND (param="firstName" OR param="lastName"))
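A small detector for the log and network indicators above, added here as an example (it is not part of this advisory or of GiveWP): it inspects POST bodies sent to the /wp-json/give/ namespace and reports any parameter carrying a serialized PHP object marker, after URL decoding. The sample requests are constructed, and the endpoint paths below /wp-json/give/ are placeholders.

```python
import json
import re
from urllib.parse import parse_qs

# Marker of a serialized PHP object: O:<len>:"<class>":<count>:{ ...
# Applied after URL decoding so percent-encoded payloads are not missed.
PHP_OBJECT = re.compile(r'O:\d+:"[\w\\]+":\d+:\{')

GIVE_API_PREFIX = "/wp-json/give/"


def _params(body: str) -> dict:
    """Return request parameters as {name: [values]} from a form-encoded or JSON body."""
    stripped = body.strip()
    if stripped.startswith("{"):
        try:
            data = json.loads(stripped)
        except json.JSONDecodeError:
            return {}
        return {k: [v if isinstance(v, str) else json.dumps(v)] for k, v in data.items()}
    return parse_qs(body, keep_blank_values=True)


def suspicious_fields(method: str, path: str, body: str) -> list:
    """Return names of form fields carrying a serialized PHP object.

    Only POST requests under the GiveWP REST namespace are examined; any
    other request returns an empty list so benign traffic is not flagged.
    """
    if method.upper() != "POST" or not path.startswith(GIVE_API_PREFIX):
        return []
    return sorted(name for name, values in _params(body).items()
                  if any(PHP_OBJECT.search(v) for v in values))


# Constructed sample requests (method, path, body); not captured traffic.
SAMPLE_REQUESTS = [
    ("POST", "/wp-json/give/v1/donate", "firstName=Alice&lastName=Smith&amount=25"),
    ("POST", "/wp-json/give/v1/donate",
     "firstName=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A1%3B%7D&lastName=Smith"),
    ("POST", "/wp-json/give/v1/donate", '{"firstName": "O:8:\\"stdClass\\":0:{}", "amount": 5}'),
    ("POST", "/wp-json/wp/v2/posts", 'title=O:8:"stdClass":0:{}'),  # outside the give namespace
    ("GET", "/wp-json/give/v1/forms", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLE_REQUESTS:
        hits = suspicious_fields(method, path, body)
        print(f"{method} {path}: {'ALERT ' + ','.join(hits) if hits else 'ok'}")
```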
