Vulnerabilities > Givewp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-17 | CVE-2021-24315 | Unspecified vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues. | 4.8 |
| 2021-04-12 | CVE-2021-24213 | Unspecified vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page. | 6.1 |
| 2020-08-31 | CVE-2020-20627 | Missing Authentication for Critical Function vulnerability in Givewp The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. | 5.3 |
| 2020-01-08 | CVE-2019-20360 | Improper Authentication vulnerability in Givewp A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. | 7.5 |
| 2019-08-22 | CVE-2019-15317 | Cross-site Scripting vulnerability in Givewp The give plugin before 2.4.7 for WordPress has XSS via a donor name. | 5.4 |
| 2019-08-15 | CVE-2019-13578 | SQL Injection vulnerability in Givewp A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. | 9.8 |
| 2019-03-22 | CVE-2019-9909 | Cross-site Scripting vulnerability in Givewp The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. | 6.1 |