Lucene search
+L

4 matches found

nvd
nvd
added 10 hours ago7 views

CVE-2026-14987

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS
Exploits0References8
cvelist
cvelist
added 11 hours ago12 views

CVE-2026-14987 GiveWP <= 4.16.3 - Authenticated (Give Worker+) Stored Cross-Site Scripting via 'twitter_message' Sequoia Template Setting

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS
Exploits0References8
euvd
euvd
added 11 hours ago3 views

EUVD-2026-44859

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.2AI score
Exploits0References8
cve
cve
added 11 hours ago10 views

CVE-2026-14987

CVE-2026-14987 affects GiveWP (WordPress) up to version 4.16.3. The issue is a stored XSS via the twitter_message field in the Sequoia Template Settings, caused by insufficient input sanitization and output escaping. An authenticated attacker with give worker-level access (or higher) can inject a...

6.4CVSS6.2AI score
Exploits0References8
Rows per page
Query Builder