Vulnerabilities > Givewp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-28 | CVE-2024-8353 | Deserialization of Untrusted Data vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. | 9.8 |
| 2024-08-20 | CVE-2024-5932 | Deserialization of Untrusted Data vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. | 9.8 |
| 2024-01-16 | CVE-2023-0224 | SQL Injection vulnerability in Givewp The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks | 9.8 |
| 2023-12-28 | CVE-2023-32513 | Deserialization of Untrusted Data vulnerability in Givewp Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3. | 9.8 |
| 2023-11-07 | CVE-2023-22719 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Givewp Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | 9.8 |
| 2019-08-15 | CVE-2019-13578 | SQL Injection vulnerability in Givewp A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. | 9.8 |