Security News > 2024 > August > GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
2024-08-21 04:35

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164,


News URL

https://thehackernews.com/2024/08/givewp-wordpress-plugin-vulnerability.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-08-20 CVE-2024-5932 Deserialization of Untrusted Data vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter.
network
low complexity
givewp CWE-502
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 49 36 409 104 29 578
Givewp 1 0 23 2 5 30
Plugin 2 0 13 0 0 13