CVE-2024-27987

7.1 HIGH

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into web pages generated by the GiveWP Give plugin for WordPress. When a user visits a specially crafted URL, the script executes in their browser, potentially stealing cookies, session tokens, or performing actions on their behalf. It affects all WordPress sites using GiveWP Give plugin versions up to 3.3.1.

💻 Affected Systems

Products:
  • WordPress GiveWP Give plugin
Versions: n/a through 3.3.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, take over WordPress sites, deface content, install backdoors, or redirect users to malicious sites.

🟠 Likely Case

Attackers steal user session cookies, perform actions as authenticated users, or redirect to phishing pages.

🟢 If Mitigated

Script execution is blocked by Content Security Policy (CSP) headers or browser XSS filters, limiting damage to session theft.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires user interaction (clicking a malicious link) but is otherwise trivial to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.2 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/give/wordpress-give-plugin-3-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the GiveWP Give plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.3.2+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily deactivate GiveWP Give plugin until patched.

wp plugin deactivate give

Implement Content Security Policy

all

Add CSP headers to block inline script execution.

Add to .htaccess: Header set Content-Security-Policy "default-src 'self'"

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block XSS payloads in URLs.
  • Restrict plugin access to trusted users only using WordPress role management.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for GiveWP Give version. If version is 3.3.1 or lower, you are vulnerable.

Check Version:

wp plugin list --name=give --field=version

Verify Fix Applied:

Verify plugin version is 3.3.2 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET requests with script tags or JavaScript in query parameters
  • Multiple 404 errors for crafted URLs

Network Indicators:

  • HTTP requests containing <script>, javascript:, or encoded XSS payloads in URL parameters

SIEM Query:

source="web_server_logs" AND (url="*<script>*" OR url="*javascript:*" OR url="*%3Cscript%3E*")
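
As an added example (not part of this advisory), the SIEM query's indicators implemented as a small Python scanner over Apache-style access-log lines; it URL-decodes the query string repeatedly so the encoded form listed in the query (%3Cscript%3E) and double-encoded variants are caught as well. The sample log lines and IP addresses are constructed, not real traffic.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOGS = [
    '203.0.113.5 - - [10/Apr/2024:10:00:01 +0000] "GET /donations/?q=hello HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Apr/2024:10:00:02 +0000] "GET /donations/?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Apr/2024:10:00:03 +0000] "GET /page/?next=javascript:alert(1) HTTP/1.1" 404 0',
    '203.0.113.9 - - [10/Apr/2024:10:00:04 +0000] "GET /page/?a=%253Cscript%253E HTTP/1.1" 404 0',
]

# Pull method and URL out of the quoted request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')
# Same indicators as the SIEM query above: script tags and javascript: URLs.
XSS_RE = re.compile(r'<\s*script|javascript\s*:', re.IGNORECASE)


def decode_fully(s, rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%253C -> %3C -> <) are visible."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def find_xss_indicators(lines):
    """Return (client_ip, raw_url) for every request whose query string matches an indicator."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        url = m.group("url")
        if "?" not in url:
            continue  # reflected XSS in this advisory arrives via the query string
        query = url.split("?", 1)[1]
        if XSS_RE.search(decode_fully(query)):
            hits.append((line.split()[0], url))
    return hits


if __name__ == "__main__":
    for ip, url in find_xss_indicators(SAMPLE_LOGS):
        print(f"possible XSS probe from {ip}: {url}")
```

Feed it your real access log (one line per list entry) and correlate hits by source IP; a burst of matching 404s from one client fits the "multiple 404 errors for crafted URLs" indicator above.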
