Lucene search
K

719 matches found

Nuclei
Nuclei
added yesterday153 views

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

10CVSS7.1AI score0.74283EPSS
Exploits11References7
Nuclei
Nuclei
added yesterday15 views

GiveWP - Missing Authorization to Settings Update

GiveWP plugin through 2.5.9 for WordPress contains an unauthenticated settings change caused by insecure access in includes/gateways/stripe/includes/admin/admin-actions.php, letting attackers modify settings without authentication, exploit requires no authentication. id: CVE-2020-20627 info: name...

5.3CVSS6.2AI score0.01881EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday30 views

GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...

10CVSS7.3AI score0.28931EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday31 views

GiveWP <= 2.9.7 - Cross-Site Scripting

GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress versions before 2.10.0 is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in the admin Donors page. id: CVE-2021-24213 info: name: GiveWP = 2.9.7 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

6.1CVSS6.4AI score0.0137EPSS
Exploits4References3
NVD
NVD
added 2026/07/02 6:16 a.m.10 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00235EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.40 views

CVE-2026-13704 GiveWP <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting via Sequioa Form

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00235EPSS
Exploits0References9
CVE
CVE
added 2026/07/02 5:35 a.m.17 views

CVE-2026-13704

Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/02 5:35 a.m.9 views

EUVD-2026-41251

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.8 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/07/01 5:15 p.m.5 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting vulnerability

Authenticated Give Worker+ Stored Cross-Site Scripting vulnerability discovered by Chirita Catalin-Andrei CC99IE - aisafe.io in WordPress Plugin GiveWP versions = 4.16.1...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 5:16 a.m.6 views

CVE-2026-13246

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...

6.4CVSS0.00241EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/07/01 4:32 a.m.38 views

CVE-2026-11981 GiveWP <= 4.15.3 - Cross-Site Request Forgery

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation on the givesetnotificationstatushandler function. This makes it possible for unauthenticated attackers to disable donation email notificatio...

4.3CVSS0.00154EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 4:32 a.m.7 views

EUVD-2026-40905

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation on the givesetnotificationstatushandler function. This makes it possible for unauthenticated attackers to disable donation email notificatio...

4.3CVSS5.6AI score0.00154EPSS
Exploits0References9
CVE
CVE
added 2026/07/01 4:32 a.m.19 views

CVE-2026-11981

The CVE-2026-11981 entry concerns the WordPress GiveWP plugin (affected: versions up to 4.15.3) with a Cross-Site Request Forgery vulnerability due to missing nonce validation in give_set_notification_status_handler(). This allows unauthenticated attackers to disable donation email notifications ...

4.3CVSS5.6AI score0.00154EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 3:43 a.m.9 views

EUVD-2026-40888

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References12
CVE
CVE
added 2026/07/01 3:43 a.m.15 views

CVE-2026-13246

The CVE concerns GiveWP – Donation Plugin and Fundraising Platform for WordPress (up to version 4.16.0). A Stored XSS exists in the givewp_campaign_comments shortcode (block_id and similar attributes) due to insufficient sanitization and escaping in CampaignCommentsShortcode::parseAttributes() an...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References12
Patchstack
Patchstack
added 2026/06/30 4:29 p.m.6 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.15.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by javitoia in WordPress Plugin GiveWP versions = 4.15.3...

4.3CVSS5.8AI score0.00154EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/15 9:16 p.m.11 views

CVE-2026-34900

Unauthenticated Cross Site Scripting XSS in GiveWP = 4.14.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.33 views

CVE-2026-34900 WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in GiveWP = 4.14.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.22 views

CVE-2026-34900

CVE-2026-34900 concerns the WordPress GiveWP plugin up to version 4.14.2, with an Unauthenticated Reflected Cross Site Scripting (XSS) vulnerability reported. The connected Patchstack entry confirms the affected product and vulnerability type (Reflected XSS) but does not provide specific exploit ...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder