GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

WordPress plugin GiveWP – Donation Plugin and Fundraising Platform 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scriptin...

WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability

WordPress GiveWP - Donation plugin and Fundraising Platform plugin = 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability discovered by shark3y in WordPress Plugin GiveWP versions = 4.13.0...

CVE-2025-11228 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerAssociateFormsWithCampaign function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticat...

CVE-2025-11227

CVE-2025-11227 concerns the GiveWP – Donation Plugin and Fundraising Platform for WordPress. Wordfence and related feeds document a vulnerability in all versions up to 4.10.0 where missing capability checks in REST endpoints (registerGetForm, registerGetForms, registerGetCampaign, registerGetCamp...

EUVD-2022-43607

Malicious code in bioql PyPI...

EUVD-2024-47068

Malicious code in bioql PyPI...

EUVD-2023-29405

Malicious code in bioql PyPI...

CVE-2023-32513

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3...

CVE-2019-9909

The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS...

CVE-2025-47459 WordPress WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in XpeedStudio WP Fundraising Donation and Crowdfunding Platform allows Cross Site Request Forgery. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.7.3...

WordPress WP Fundraising Donation and Crowdfunding Platform plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin FundEngine versions = 1.7.3...

PT-2025-20092 · Unknown · Xpeedstudio Wp Fundraising Donation/Crowdfunding Platform

Name of the Vulnerable Software and Affected Versions: XpeedStudio WP Fundraising Donation and Crowdfunding Platform versions 1.7.3 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. Recommendations: For XpeedStudio WP...

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin GiveWP versions = 3.22.1...

WordPress plugin GiveWP – Donation Plugin and Fundraising Platform 代码问题漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...

CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...

CVE-2024-9130 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GiveWP Unauthenticated Donation Process Exploit', 'Description' = %q The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress in...

CVE-2024-5932

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. This makes it possible for unauthenticated attackers to inject a PHP...