Vulnerabilities > Givewp > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-28 CVE-2024-8353 Deserialization of Untrusted Data vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'.
network
low complexity
givewp CWE-502
critical
9.8
2024-08-20 CVE-2024-5932 Deserialization of Untrusted Data vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter.
network
low complexity
givewp CWE-502
critical
9.8
2024-01-16 CVE-2023-0224 SQL Injection vulnerability in Givewp
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks
network
low complexity
givewp CWE-89
critical
9.8
2023-12-28 CVE-2023-32513 Deserialization of Untrusted Data vulnerability in Givewp
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3.
network
low complexity
givewp CWE-502
critical
9.8
2023-11-07 CVE-2023-22719 Improper Neutralization of Formula Elements in a CSV File vulnerability in Givewp
Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1.
network
low complexity
givewp CWE-1236
critical
9.8
2019-08-15 CVE-2019-13578 SQL Injection vulnerability in Givewp
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress.
network
low complexity
givewp CWE-89
critical
9.8