Vulnerabilities > Givewp > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | PRODUCT | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-09-27 | CVE-2024-9130 | SQL Injection vulnerability in Givewp | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low complexity | givewp | CWE-89 | 7.2 |
| 2024-09-25 | CVE-2024-47315 | Cross-Site Request Forgery (CSRF) vulnerability in Givewp | Cross-Site Request Forgery (CSRF) vulnerability in GiveWP. This issue affects GiveWP: from n/a through 3.15.1. | network | low complexity | givewp | CWE-352 | 8.8 |
| 2023-06-15 | CVE-2023-25450 | Cross-Site Request Forgery (CSRF) vulnerability in Givewp | Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions. | network | low complexity | givewp | CWE-352 | 8.8 |
| 2022-07-21 | CVE-2022-28700 | Unrestricted Upload of File with Dangerous Type vulnerability in Givewp | Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | network | low complexity | givewp | CWE-434 | 7.2 |
| 2020-01-08 | CVE-2019-20360 | Improper Authentication vulnerability in Givewp | A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. | network | low complexity | givewp | CWE-287 | 7.5 |