Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Givewp Subscribe
Filtered by product Givewp

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2117 1 Givewp 1 Givewp 2024-01-11 N/A 5.3 MEDIUM
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.
CVE-2022-40312 1 Givewp 1 Givewp 2023-12-21 N/A 6.5 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.
CVE-2022-31475 1 Givewp 1 Givewp 2023-08-08 N/A 4.9 MEDIUM
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
CVE-2022-0252 1 Givewp 1 Givewp 2022-02-28 4.3 MEDIUM 6.1 MEDIUM
The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-25100 1 Givewp 1 Givewp 2022-02-28 4.3 MEDIUM 6.1 MEDIUM
The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-25099 1 Givewp 1 Givewp 2022-02-28 4.3 MEDIUM 6.1 MEDIUM
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting
CVE-2021-24524 1 Givewp 1 Givewp 2021-08-26 3.5 LOW 4.8 MEDIUM
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.