3 matches found
CVE-2026-14987
CVE-2026-14987 affects GiveWP (WordPress) up to version 4.16.3. The issue is a stored XSS via the twitter_message field in the Sequoia Template Settings, caused by insufficient input sanitization and output escaping. An authenticated attacker with give worker-level access (or higher) can inject a...
CVE-2026-14987 GiveWP <= 4.16.3 - Authenticated (Give Worker+) Stored Cross-Site Scripting via 'twitter_message' Sequoia Template Setting
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-44859
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...