Vulnerabilities > Givewp > Givewp > 2.13.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-13 | CVE-2022-4448 | Unspecified vulnerability in Givewp The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2022-07-21 | CVE-2022-31475 | Path Traversal vulnerability in Givewp Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 4.9 |
2022-07-18 | CVE-2022-2117 | Unspecified vulnerability in Givewp The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. | 5.3 |