📦 GiveWP
by GiveWP
⚠️ Known Vulnerabilities
The Donations Widget WordPress plugin contains a PHP object injection vulnerability that allows unauthenticated attackers to execute arbitrary code on affected websites. This affects all versions up t...
CVE-2025-22777 is a critical PHP object injection vulnerability in the GiveWP WordPress plugin that allows attackers to execute arbitrary code by exploiting insecure deserialization. This affects all ...
This vulnerability in the GiveWP WordPress plugin allows unauthenticated attackers to perform PHP object injection via donation form fields, leading to arbitrary file deletion and potential remote cod...
This vulnerability allows unauthenticated attackers to perform PHP object injection via the give_company_name parameter in the GiveWP WordPress plugin. Successful exploitation can lead to remote code ...
This vulnerability allows unauthenticated attackers to perform PHP object injection in the GiveWP WordPress plugin, leading to arbitrary file deletion and remote code execution. All WordPress sites us...
The GiveWP WordPress plugin is vulnerable to PHP object injection via the 'give_title' parameter, allowing unauthenticated attackers to execute arbitrary code and delete files. All versions up to 3.14...
CVE-2024-37099 is an unauthenticated PHP object injection vulnerability in the GiveWP WordPress plugin. Attackers can exploit deserialization of untrusted data to execute arbitrary code on affected Wo...
CVE-2023-0224 is an SQL injection vulnerability in the GiveWP WordPress plugin that allows unauthenticated attackers to execute arbitrary SQL commands. This affects WordPress sites running GiveWP vers...
This vulnerability allows authenticated WordPress users with appropriate permissions to create arbitrary files on the server via the GiveWP plugin's export function. Attackers can potentially write ma...
This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the GiveWP donation plugin. The stored XSS executes when users view pages containing the i...
This vulnerability allows authenticated attackers with GiveWP Manager-level access or higher to perform time-based SQL injection attacks via the 'order' parameter in Legacy View mode. Attackers can ex...
This CVE describes a reflected cross-site scripting (XSS) vulnerability in the GiveWP WordPress plugin. Attackers can inject malicious scripts via crafted URLs that execute when victims visit those li...
CVE-2023-41665 is an improper privilege management vulnerability in the GiveWP WordPress plugin that allows authenticated attackers with GiveWP Manager role to escalate privileges to administrator. Th...
This CVE describes a PHP object injection vulnerability in the GiveWP WordPress plugin. Attackers can exploit insecure deserialization to execute arbitrary code on affected websites. All WordPress sit...
This vulnerability allows attackers to inject malicious scripts into web pages generated by the GiveWP Give plugin for WordPress. When a user visits a specially crafted URL, the script executes in the...
CVE-2023-32513 is a PHP object injection vulnerability in the GiveWP WordPress plugin that allows attackers to execute arbitrary code through deserialization of untrusted data. This affects all WordPr...
The GiveWP WordPress plugin has an information disclosure vulnerability that allows unauthenticated attackers to access private donation forms and archived campaigns. All WordPress sites using GiveWP ...
This vulnerability allows authenticated WordPress users with GiveWP Worker-level access or higher to modify donation payment statuses without proper authorization. The missing capability check in the ...
The GiveWP WordPress plugin up to version 4.6.0 exposes donor information including names, emails, and donor IDs to unauthenticated attackers. This vulnerability affects all WordPress sites using vuln...
The GiveWP WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Contributor-level permissions or higher to view and modify sensitive data. Attackers can acce...
The GiveWP WordPress plugin has an authorization vulnerability that allows unauthenticated attackers to access sensitive earnings report data. This affects all WordPress sites using GiveWP version 3.2...
CVE-2023-23672 is a missing authorization vulnerability in the GiveWP WordPress plugin that allows authenticated users to delete arbitrary content without proper permissions. This affects WordPress si...
This vulnerability in the GiveWP WordPress plugin allows attackers to execute reflected cross-site scripting (XSS) attacks by injecting malicious scripts through unsanitized parameters. The attack pri...
A Cross-Site Request Forgery (CSRF) vulnerability in the GiveWP WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. This affects all GiveWP inst...
The GiveWP WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify event ticket settings when the Events beta feature is enabled. This affects all Wo...
This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the GiveWP plugin's 'give_form' shortcode. The scripts exec...