7 matches found
GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...
CVE-2024-8353
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...
WordPress GiveWP Plugin < 3.16.2 Multiple vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:givewp:givewp"; ifdescription...
Exploit for Deserialization of Untrusted Data in Givewp
This post is a research article published by EQSTLabhttps://g...
WordPress GiveWP Plugin <= 3.16.2 is vulnerable to PHP Object Injection
Software GiveWP Type Plugin Vulnerable versions = 3.16.2 Fixed in 3.16.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-8353 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID ab27727ec281 Credits cuokon Required privilege Unauthenticated...
CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...
CVE-2024-8353
creationtimestamp| type| source ---|---|--- 2024-08-28 20:39:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wpgivewprce.rb 2024-09-28 05:17:09+00:00| seen| https://t.me/cvedetector/6592 2024-09-30 08:27:47+00:00| published-proof-of-concept|...