CVE-2026-13246 GiveWP <= 4.16.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'block_id' Shortcode Attribute
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...