Givewp Security Vulnerabilities (CVEs)
Track 26 security vulnerabilities affecting Givewp products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the GiveWP donation plugin. The stored X...
Nov 19, 2025The GiveWP WordPress plugin has an information disclosure vulnerability that allows unauthenticated attackers to access private donation forms and arc...
Oct 4, 2025This vulnerability allows authenticated WordPress users with GiveWP Worker-level access or higher to modify donation payment statuses without proper a...
Aug 21, 2025The GiveWP WordPress plugin up to version 4.6.0 exposes donor information including names, emails, and donor IDs to unauthenticated attackers. This vu...
Aug 6, 2025The GiveWP WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Contributor-level permissions or higher to ...
Jun 19, 2025The GiveWP WordPress plugin has an authorization vulnerability that allows unauthenticated attackers to access sensitive earnings report data. This af...
Mar 15, 2025The Donations Widget WordPress plugin contains a PHP object injection vulnerability that allows unauthenticated attackers to execute arbitrary code on...
Mar 4, 2025CVE-2025-22777 is a critical PHP object injection vulnerability in the GiveWP WordPress plugin that allows attackers to execute arbitrary code by expl...
Jan 13, 2025This vulnerability in the GiveWP WordPress plugin allows unauthenticated attackers to perform PHP object injection via donation form fields, leading t...
Jan 11, 2025CVE-2023-23672 is a missing authorization vulnerability in the GiveWP WordPress plugin that allows authenticated users to delete arbitrary content wit...
Jan 2, 2025This vulnerability in the GiveWP WordPress plugin allows attackers to execute reflected cross-site scripting (XSS) attacks by injecting malicious scri...
Dec 27, 2024This vulnerability allows unauthenticated attackers to perform PHP object injection via the give_company_name parameter in the GiveWP WordPress plugin...
Oct 16, 2024This vulnerability allows unauthenticated attackers to perform PHP object injection in the GiveWP WordPress plugin, leading to arbitrary file deletion...
Sep 28, 2024This vulnerability allows authenticated attackers with GiveWP Manager-level access or higher to perform time-based SQL injection attacks via the 'orde...
Sep 27, 2024A Cross-Site Request Forgery (CSRF) vulnerability in the GiveWP WordPress plugin allows attackers to trick authenticated administrators into performin...
Sep 25, 2024The GiveWP WordPress plugin is vulnerable to PHP object injection via the 'give_title' parameter, allowing unauthenticated attackers to execute arbitr...
Aug 20, 2024The GiveWP WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify event ticket settings when the E...
Aug 20, 2024CVE-2024-37099 is an unauthenticated PHP object injection vulnerability in the GiveWP WordPress plugin. Attackers can exploit deserialization of untru...
Aug 19, 2024This CVE describes a reflected cross-site scripting (XSS) vulnerability in the GiveWP WordPress plugin. Attackers can inject malicious scripts via cra...
Jun 8, 2024This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the GiveW...
May 18, 2024CVE-2023-41665 is an improper privilege management vulnerability in the GiveWP WordPress plugin that allows authenticated attackers with GiveWP Manage...
May 17, 2024This CVE describes a PHP object injection vulnerability in the GiveWP WordPress plugin. Attackers can exploit insecure deserialization to execute arbi...
Mar 28, 2024This vulnerability allows attackers to inject malicious scripts into web pages generated by the GiveWP Give plugin for WordPress. When a user visits a...
Mar 15, 2024CVE-2023-0224 is an SQL injection vulnerability in the GiveWP WordPress plugin that allows unauthenticated attackers to execute arbitrary SQL commands...
Jan 16, 2024CVE-2023-32513 is a PHP object injection vulnerability in the GiveWP WordPress plugin that allows attackers to execute arbitrary code through deserial...
Dec 28, 2023This vulnerability allows authenticated WordPress users with appropriate permissions to create arbitrary files on the server via the GiveWP plugin's e...
Jul 21, 2022Why Monitor Givewp Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 26+ known vulnerabilities affecting Givewp products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Givewp packages in under 60 seconds. No agents required - completely agentless scanning that works across Givewp deployments.
Free vulnerability database: Access detailed information about every Givewp CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Givewp CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
