Vulnerabilities > Givewp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-27 | CVE-2024-9130 | SQL Injection vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
| 2024-09-25 | CVE-2024-47315 | Cross-Site Request Forgery (CSRF) vulnerability in Givewp Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1. | 8.8 |
| 2023-06-15 | CVE-2023-25450 | Cross-Site Request Forgery (CSRF) vulnerability in Givewp Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions. | 8.8 |
| 2022-07-21 | CVE-2022-28700 | Unrestricted Upload of File with Dangerous Type vulnerability in Givewp Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 7.2 |
| 2020-01-08 | CVE-2019-20360 | Improper Authentication vulnerability in Givewp A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. | 7.5 |