Search criteria

12 vulnerabilities by givewp

CVE-2023-41665 (GCVE-0-2023-41665)

Vulnerability from cvelistv5 – Published: 2024-05-17 06:53 – Updated: 2026-04-28 16:08
VLAI?
Title
WordPress GiveWP plugin <= 2.33.0 - GiveWP Manager+ Privilege Escalation vulnerability
Summary
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
GiveWP GiveWP Affected: n/a , ≤ 2.33.0 (custom)
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41665",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T18:07:25.364105Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:21:49.896Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:01:35.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-33-0-givewp-manager-privilege-escalation-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "give",
          "product": "GiveWP",
          "vendor": "GiveWP",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.33.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.33.0",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.\u003cp\u003eThis issue affects GiveWP: from n/a through 2.33.0.\u003c/p\u003e"
            }
          ],
          "value": "Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:08:38.020Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-33-0-givewp-manager-privilege-escalation-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 2.33.1 or a higher version."
            }
          ],
          "value": "Update to 2.33.1 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP plugin \u003c= 2.33.0 - GiveWP Manager+ Privilege Escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-41665",
    "datePublished": "2024-05-17T06:53:56.913Z",
    "dateReserved": "2023-08-30T13:02:41.615Z",
    "dateUpdated": "2026-04-28T16:08:38.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-40211 (GCVE-0-2022-40211)

Vulnerability from cvelistv5 – Published: 2024-04-12 13:09 – Updated: 2026-04-28 16:07
VLAI?
Title
WordPress GiveWP plugin <= 2.25.1 - Cross Site Scripting (XSS) via render_dropdown vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
GiveWP GiveWP Affected: n/a , ≤ 2.25.1 (custom)
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40211",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T19:56:13.559638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T19:56:23.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:14:39.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-cross-site-scripting-xss-via-render-dropdown-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "give",
          "product": "GiveWP",
          "vendor": "GiveWP",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.25.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.25.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in GiveWP allows Stored XSS.\u003cp\u003eThis issue affects GiveWP: from n/a through 2.25.1.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:07:47.878Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-cross-site-scripting-xss-via-render-dropdown-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 2.25.2 or a higher version."
            }
          ],
          "value": "Update to 2.25.2 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP plugin \u003c= 2.25.1 - Cross Site Scripting (XSS) via render_dropdown vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2022-40211",
    "datePublished": "2024-04-12T13:09:39.686Z",
    "dateReserved": "2022-09-14T13:22:24.153Z",
    "dateUpdated": "2026-04-28T16:07:47.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-51415 (GCVE-0-2023-51415)

Vulnerability from cvelistv5 – Published: 2024-02-10 08:39 – Updated: 2026-04-28 16:09
VLAI?
Title
WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Credits
LVT-tholv2k (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51415",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-11T16:55:48.358099Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T20:45:53.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:32:09.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "give",
          "product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
          "vendor": "GiveWP",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.3.0",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.2.2",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "LVT-tholv2k (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform allows Stored XSS.\u003cp\u003eThis issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 3.2.2.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform allows Stored XSS.This issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 3.2.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:01.932Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u00a03.3.0 or a higher version."
            }
          ],
          "value": "Update to\u00a03.3.0 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP Plugin \u003c= 3.2.2 is vulnerable to Cross Site Scripting (XSS)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-51415",
    "datePublished": "2024-02-10T08:39:12.408Z",
    "dateReserved": "2023-12-18T22:41:07.589Z",
    "dateUpdated": "2026-04-28T16:09:01.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-32513 (GCVE-0-2023-32513)

Vulnerability from cvelistv5 – Published: 2023-12-28 10:46 – Updated: 2026-04-28 16:08
VLAI?
Title
WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection
Summary
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:18:37.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-give-donation-plugin-plugin-2-25-3-php-object-injection-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "give",
          "product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
          "vendor": "GiveWP",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.26.0",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.25.3",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Deserialization of Untrusted Data vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform.\u003cp\u003eThis issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 2.25.3.\u003c/p\u003e"
            }
          ],
          "value": "Deserialization of Untrusted Data vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform.This issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 2.25.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:08:23.149Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-give-donation-plugin-plugin-2-25-3-php-object-injection-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u00a02.26.0 or a higher version."
            }
          ],
          "value": "Update to\u00a02.26.0 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP Plugin \u003c= 2.25.3 is vulnerable to PHP Object Injection",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-32513",
    "datePublished": "2023-12-28T10:46:26.559Z",
    "dateReserved": "2023-05-09T11:45:38.662Z",
    "dateUpdated": "2026-04-28T16:08:23.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-40312 (GCVE-0-2022-40312)

Vulnerability from cvelistv5 – Published: 2023-12-18 15:08 – Updated: 2026-04-28 16:07
VLAI?
Title
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF)
Summary
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:14:40.080Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "give",
          "product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
          "vendor": "GiveWP",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.25.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.25.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform.\u003cp\u003eThis issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 2.25.1.\u003c/p\u003e"
            }
          ],
          "value": "Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform.This issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 2.25.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:07:47.998Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u00a02.25.2 or a higher version."
            }
          ],
          "value": "Update to\u00a02.25.2 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP Plugin \u003c= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2022-40312",
    "datePublished": "2023-12-18T15:08:55.293Z",
    "dateReserved": "2022-09-14T13:22:24.163Z",
    "dateUpdated": "2026-04-28T16:07:47.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-22719 (GCVE-0-2023-22719)

Vulnerability from cvelistv5 – Published: 2023-11-07 15:41 – Updated: 2026-04-28 16:07
VLAI?
Title
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to CSV Injection
Summary
Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1.
CWE
  • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
Impacted products
Vendor Product Version
GiveWP GiveWP Affected: n/a , ≤ 2.25.1 (custom)
Create a notification for this product.
Credits
Rafshanzani Suhada (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:50.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-csv-injection-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "givewp",
            "vendor": "givewp",
            "versions": [
              {
                "lessThanOrEqual": "2.25.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-22719",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T14:04:34.169495Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T14:12:08.629Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "give",
          "product": "GiveWP",
          "vendor": "GiveWP",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.25.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.25.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafshanzani Suhada (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.\u003cp\u003eThis issue affects GiveWP: from n/a through 2.25.1.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:07:59.912Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-csv-injection-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u00a02.25.2 or a higher version."
            }
          ],
          "value": "Update to\u00a02.25.2 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP Plugin \u003c= 2.25.1 is vulnerable to CSV Injection",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-22719",
    "datePublished": "2023-11-07T15:41:52.708Z",
    "dateReserved": "2023-01-06T12:03:03.058Z",
    "dateUpdated": "2026-04-28T16:07:59.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-25450 (GCVE-0-2023-25450)

Vulnerability from cvelistv5 – Published: 2023-06-15 12:21 – Updated: 2026-04-28 16:08
VLAI?
Title
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
Impacted products
Credits
Rio Darmawan (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:18:36.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-cross-site-request-forgery-csrf-via-give-cache-flush-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25450",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T11:40:03.029520Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T11:43:57.121Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "give",
          "product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
          "vendor": "GiveWP",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.25.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.25.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rio Darmawan (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.25.1 versions.\u003c/span\u003e"
            }
          ],
          "value": "Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform plugin \u003c=\u00a02.25.1 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-62",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-62 Cross Site Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:08:07.919Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-cross-site-request-forgery-csrf-via-give-cache-flush-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u00a02.25.2 or a higher version."
            }
          ],
          "value": "Update to\u00a02.25.2 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP Plugin \u003c= 2.25.1 is vulnerable to Cross Site Request Forgery (CSRF)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-25450",
    "datePublished": "2023-06-15T12:21:35.740Z",
    "dateReserved": "2023-02-06T12:38:03.962Z",
    "dateUpdated": "2026-04-28T16:08:07.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-23668 (GCVE-0-2023-23668)

Vulnerability from cvelistv5 – Published: 2023-05-08 11:56 – Updated: 2026-04-28 16:08
VLAI?
Title
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Scripting (XSS)
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
GiveWP GiveWP Affected: n/a , ≤ 2.25.1 (2.25.2)
Create a notification for this product.
Credits
Rafshanzani Suhada (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:35:33.742Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23668",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T14:25:47.672578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T15:25:53.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "give",
          "product": "GiveWP",
          "vendor": "GiveWP",
          "versions": [
            {
              "lessThanOrEqual": "2.25.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "2.25.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafshanzani Suhada (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a0\u003c= 2.25.1 versions.\u003c/span\u003e"
            }
          ],
          "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin\u00a0\u003c= 2.25.1 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:08:00.257Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u00a02.25.2 or a higher version."
            }
          ],
          "value": "Update to\u00a02.25.2 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP Plugin \u003c= 2.25.1 is vulnerable to Cross Site Scripting (XSS)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-23668",
    "datePublished": "2023-05-08T11:56:34.589Z",
    "dateReserved": "2023-01-17T05:01:32.241Z",
    "dateUpdated": "2026-04-28T16:08:00.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-31475 (GCVE-0-2022-31475)

Vulnerability from cvelistv5 – Published: 2022-07-21 17:24 – Updated: 2026-04-28 16:07
VLAI?
Title
WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability
Summary
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
CWE
  • Arbitrary File Read
Assigner
Impacted products
Vendor Product Version
GiveWP GiveWP (WordPress plugin) Affected: <= 2.20.2 , ≤ 2.20.2 (custom)
Create a notification for this product.
Credits
Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:19:06.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/give/#developers"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-read-via-export-function-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-20T19:28:18.564382Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-552",
                "description": "CWE-552 Files or Directories Accessible to External Parties",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-20T20:16:51.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GiveWP (WordPress plugin)",
          "vendor": "GiveWP",
          "versions": [
            {
              "lessThanOrEqual": "2.20.2",
              "status": "affected",
              "version": "\u003c= 2.20.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
        }
      ],
      "datePublic": "2022-07-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP\u0027s GiveWP plugin \u003c= 2.20.2 at WordPress."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary File Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:07:43.435Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/give/#developers"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-read-via-export-function-vulnerability"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to 2.21.0 or higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP plugin \u003c= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "audit@patchstack.com",
          "DATE_PUBLIC": "2022-07-12T14:18:00.000Z",
          "ID": "CVE-2022-31475",
          "STATE": "PUBLIC",
          "TITLE": "WordPress GiveWP plugin \u003c= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GiveWP (WordPress plugin)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "\u003c= 2.20.2",
                            "version_value": "2.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GiveWP"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP\u0027s GiveWP plugin \u003c= 2.20.2 at WordPress."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/give/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/give/#developers"
            },
            {
              "name": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-read-via-export-function-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-read-via-export-function-vulnerability"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to 2.21.0 or higher version."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2022-31475",
    "datePublished": "2022-07-21T17:24:56.586Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2026-04-28T16:07:43.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-28700 (GCVE-0-2022-28700)

Vulnerability from cvelistv5 – Published: 2022-07-21 17:23 – Updated: 2026-04-28 16:07
VLAI?
Title
WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability
Summary
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
CWE
  • Arbitrary File Creation
Assigner
Impacted products
Vendor Product Version
GiveWP GiveWP (WordPress plugin) Affected: <= 2.20.2 , ≤ 2.20.2 (custom)
Create a notification for this product.
Credits
Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:03:53.088Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/give/#developers"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-creation-via-export-function-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-28700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-20T19:17:53.421987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-20T20:17:01.112Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GiveWP (WordPress plugin)",
          "vendor": "GiveWP",
          "versions": [
            {
              "lessThanOrEqual": "2.20.2",
              "status": "affected",
              "version": "\u003c= 2.20.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
        }
      ],
      "datePublic": "2022-07-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP\u0027s GiveWP plugin \u003c= 2.20.2 at WordPress."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary File Creation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:07:40.577Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/give/#developers"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-creation-via-export-function-vulnerability"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to 2.21.0 or higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress GiveWP plugin \u003c= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "audit@patchstack.com",
          "DATE_PUBLIC": "2022-07-12T13:57:00.000Z",
          "ID": "CVE-2022-28700",
          "STATE": "PUBLIC",
          "TITLE": "WordPress GiveWP plugin \u003c= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GiveWP (WordPress plugin)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "\u003c= 2.20.2",
                            "version_value": "2.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GiveWP"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP\u0027s GiveWP plugin \u003c= 2.20.2 at WordPress."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Creation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/give/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/give/#developers"
            },
            {
              "name": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-creation-via-export-function-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-20-2-authenticated-arbitrary-file-creation-via-export-function-vulnerability"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to 2.21.0 or higher version."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2022-28700",
    "datePublished": "2022-07-21T17:23:23.822Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2026-04-28T16:07:40.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-24315 (GCVE-0-2021-24315)

Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI?
Title
Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
Impacted products
Credits
m0ze
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.446Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
          "vendor": "GiveWP",
          "versions": [
            {
              "lessThan": "2.10.4",
              "status": "affected",
              "version": "2.10.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "m0ze"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-17T16:48:53.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Give WP \u003c 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24315",
          "STATE": "PUBLIC",
          "TITLE": "Give WP \u003c 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.10.4",
                            "version_value": "2.10.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GiveWP"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "m0ze"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/006b37c9-641c-4676-a315-9b6053e001d2"
            },
            {
              "name": "https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt",
              "refsource": "MISC",
              "url": "https://m0ze.ru/vulnerability/%5B2021-04-02%5D-%5BWordPress%5D-%5BCWE-79%5D-GiveWP-WordPress-Plugin-v2.10.3.txt"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24315",
    "datePublished": "2021-05-17T16:48:53.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:28:23.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24213 (GCVE-0-2021-24213)

Vulnerability from cvelistv5 – Published: 2021-04-12 14:00 – Updated: 2024-08-03 19:21
VLAI?
Title
GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)
Summary
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
GiveWP GiveWP – Donation Plugin and Fundraising Platform Affected: 2.4.0 , < 2.4.0* (custom)
Affected: 2.10.0 , < 2.10.0 (custom)
Create a notification for this product.
Credits
Austin Bentley
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/da4ab508-a423-4c7f-a1d4-42ec6f989309"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bentl.ee/posts/cve-givewp/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
          "vendor": "GiveWP",
          "versions": [
            {
              "lessThan": "2.4.0*",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.10.0",
              "status": "affected",
              "version": "2.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Austin Bentley"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the \u0027s\u0027 GET parameter on the Donors page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T14:00:09.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/da4ab508-a423-4c7f-a1d4-42ec6f989309"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bentl.ee/posts/cve-givewp/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GiveWP \u003c 2.10.0 - Reflected Cross Site Scripting (XSS)",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24213",
          "STATE": "PUBLIC",
          "TITLE": "GiveWP \u003c 2.10.0 - Reflected Cross Site Scripting (XSS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "2.4.0",
                            "version_value": "2.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.10.0",
                            "version_value": "2.10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GiveWP"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Austin Bentley"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the \u0027s\u0027 GET parameter on the Donors page."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/da4ab508-a423-4c7f-a1d4-42ec6f989309",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/da4ab508-a423-4c7f-a1d4-42ec6f989309"
            },
            {
              "name": "https://bentl.ee/posts/cve-givewp/",
              "refsource": "MISC",
              "url": "https://bentl.ee/posts/cve-givewp/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24213",
    "datePublished": "2021-04-12T14:00:09.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:21:18.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}