Vulnerabilities > Givewp > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-08-23 | CVE-2021-24524 | Cross-site Scripting vulnerability in Givewp | The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. | 4.8 |
2021-05-17 | CVE-2021-24315 | Cross-site Scripting vulnerability in Givewp | The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues. | 4.8 |
2021-04-12 | CVE-2021-24213 | Cross-site Scripting vulnerability in Givewp | The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page. | 6.1 |
2020-08-31 | CVE-2020-20627 | Missing Authentication for Critical Function vulnerability in Givewp | The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. | 5.3 |
2019-08-22 | CVE-2019-15317 | Cross-site Scripting vulnerability in Givewp | The give plugin before 2.4.7 for WordPress has XSS via a donor name. | 5.4 |
2019-03-22 | CVE-2019-9909 | Cross-site Scripting vulnerability in Givewp | The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. | 6.1 |