2 matches found
CVE-2026-13246
The CVE concerns GiveWP – Donation Plugin and Fundraising Platform for WordPress (up to version 4.16.0). A Stored XSS exists in the givewp_campaign_comments shortcode (block_id and similar attributes) due to insufficient sanitization and escaping in CampaignCommentsShortcode::parseAttributes() an...
EUVD-2026-40888
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...