Lucene search
+L

269 matches found

RedhatCVE
RedhatCVE
added 2025/08/23 5:35 a.m.15 views

CVE-2025-7221

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the giveupdatepaymentstatus function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers,...

4.3CVSS6.8AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2025/08/21 6:15 a.m.8 views

CVE-2025-7221

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the giveupdatepaymentstatus function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers,...

4.3CVSS5AI score0.00227EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/21 5:28 a.m.5 views

CVE-2025-7221 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the giveupdatepaymentstatus function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers,...

4.3CVSS6.7AI score0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.16 views

PT-2025-34188

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.5.1 Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to unauthorized data modification. This is due to the absence of ...

4.3CVSS6AI score0.00227EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.5 views

WordPress plugin GiveWP 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization...

4.3CVSS6.3AI score0.00227EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/08/20 10:41 p.m.9 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.5.0 - Missing Authorization to Donation Update vulnerability

Missing Authorization to Donation Update vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin GiveWP versions = 4.5.0...

4.3CVSS6.7AI score0.00227EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/14 7:28 a.m.3 views

CVE-2025-47444

Missing Authorization vulnerability in Damian Góra FiboSearch ajax-search-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiboSearch: from n/a through = 1.32.1...

7.5CVSS5.9AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2025/08/06 10:15 a.m.20 views

CVE-2025-8620

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...

5.3CVSS0.00536EPSS
Exploits0References4
CVE
CVE
added 2025/08/06 9:22 a.m.37 views

CVE-2025-8620

The vulnerability concerns the WordPress plugin GiveWP – Donation Plugin and Fundraising Platform. Affected versions are prior to 4.6.1 (and up to 4.6.0 per NVD/Red Hat entries). The issue is an Information Exposure that allows unauthenticated attackers to extract donor data (names, emails, donor...

5.3CVSS5.8AI score0.00536EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/08/06 9:22 a.m.23 views

CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...

5.3CVSS0.00536EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.12 views

PT-2025-32146 · WordPress · Givewp – Donation Plugin/Fundraising Platform

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.6.1 Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to information exposure. This allows unauthenticated attackers to...

5.3CVSS6.5AI score0.00536EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.6 views

CVE-2025-7205

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.5AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2025/07/31 8:15 a.m.7 views

CVE-2025-7205

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00199EPSS
Exploits0References3
NVD
NVD
added 2025/07/31 8:15 a.m.21 views

CVE-2025-7205

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS0.00199EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/31 7:25 a.m.4 views

CVE-2025-7205 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.5AI score0.00199EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/31 7:25 a.m.34 views

CVE-2025-7205 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS0.00199EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.12 views

PT-2025-31488 · WordPress · Givewp – Donation Plugin/Fundraising Platform

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.5.1 Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to Stored Cross-Site Scripting through the donor notes parameter...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/06/23 8:39 a.m.10 views

CVE-2025-4571

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated...

5.4CVSS6.7AI score0.00259EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/19 8:4 a.m.6 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification vulnerability

Missing Authorization To Authenticated Contributor+ Campaign Data View And Modification vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin GiveWP versions = 4.3.0...

5.4CVSS6.7AI score0.00259EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/19 6:44 a.m.6 views

CVE-2025-4571 GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated...

5.4CVSS6.7AI score0.00259EPSS
Exploits0References9
Rows per page
Query Builder