15 matches found
GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...
EUVD-2023-56136
Malicious code in bioql PyPI...
EUVD-2023-36757
Malicious code in bioql PyPI...
CVE-2025-7205
CVE-2025-7205 is a Stored Cross-Site Scripting vulnerability in the WordPress GiveWP – Donation Plugin and Fundraising Platform. Affected: GiveWP core (WordPress plugin) versions up to and including 4.5.0, due to insufficient input sanitization and output escaping in the donor notes parame...
CVE-2025-4571
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated...
CVE-2023-51415
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2...
CVE-2022-40312
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1...
CVE-2025-2025
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings function in all versions up to, and including, 3.22.0. This makes it possible for unauthenticated attackers to...
CVE-2025-2025
CVE-2025-2025 affects the WordPress plugin GiveWP (Donations) up to version 3.22.0, where a missing capability check in the function give_reports_earnings() allows unauthenticated data disclosure of earnings reports. Connected exploit material demonstrates unauthorized access scenarios and confir...
CVE-2024-9130
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CVE-2024-9634
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the givecompanyname parameter. This makes it possible for unauthenticated attackers to inject a...
CVE-2024-5940 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handlerequest' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to edi...
CVE-2022-40312
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1...
CVE-2021-24524
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-37197)
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on servers running PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the GiveWP...