WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by HuajiHD in WordPress Plugin GiveWP versions = 4.14.2...

WordPress Give plugin <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function vulnerability

Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via givereportsearnings Function vulnerability discovered by mikemyers in WordPress Plugin GiveWP versions = 3.22.0...

CVE-2019-20360

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information PII including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the...

CVE-2024-30229 WordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.4.2...

CVE-2024-30229 WordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.4.2...

CVE-2024-27987 WordPress Give plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.3.1...

CVE-2024-27987 WordPress Give plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through = 3.3.1...

Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not sanitise and escape the formid parameter before outputting it back in the response of an unauthenticated request via the givecheckoutlogin AJAX action, leading to a Reflected Cross-Site Scripting PoC As an unauthenticated user:...

WordPress Give Authorization Issue Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Give is one of the fundraising platform plugins used in it. An authorization issue vulnerability exists in WordPress Give versions prio...

Authentication flaw

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information PII including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the...

CVE-2019-15317

The give plugin before 2.4.7 for WordPress has XSS via a donor name...

CVE-2019-15317

The give plugin before 2.4.7 for WordPress has XSS via a donor name...

CVE-2019-13578

A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php...

WordPress Give SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Give is one of the fundraising platform plugins used in it. A SQL injection vulnerability exists in WordPress Give. The vulnerability...

WordPress Give plugin <= 2.5.0 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability found by Tin Duong Fortinet FortiGuard Labs in WordPress Give plugin version = 2.5.0. Solution Update the WordPress Give plugin to the latest available version at least 2.5.1...

WordPress Give plugin <= 2.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Tim Coen in WordPress Give plugin versions = 2.3.0. Solution Update the WordPress Give plugin to the latest available version at least 2.3.1...

WordPress Give 2.3.0 Cross Site Scripting

Vulnerability: XSS Affected Software: Give Affected Version: 2.3.0 Patched Version: 2.3.1 CVE: not requested Risk: Medium Vendor Contacted: 11/24/2018 Vendor Fix: 12/13/2018 Public Disclosure: 02/05/2019 Credit: Tim Coen CVSS 6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Overview The Gi...

WordPress Give Plugin <= 0.8.4 - Cross Site Scripting (XSS)

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...