3 matches found
WordPress GiveWP Plugin < 3.16.2 Multiple vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:givewp:givewp"; ifdescription...
CVE-2024-9130 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
WordPress GiveWP Plugin <= 3.16.1 is vulnerable to SQL Injection
Software GiveWP Type Plugin Vulnerable versions = 3.16.1 Fixed in 3.16.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9130 Patch priority Low CVSS severity Low 7.6 Developer Liquid Web / StellarWP PSID ace2edd5d5b2 Credits Leo Required privilege GiveWP Manager Published 27...