95 matches found
PT-2025-1380 · Stellarwp · Givewp
Name of the Vulnerable Software and Affected Versions: GiveWP versions prior to 2.25.2. Description: The issue is related to a missing authorization vulnerability in Liquid Web/StellarWP GiveWP. This problem allows for unauthorized access. Recommendations: For versions prior to 2.25.2, update to...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Liquidweb Restrict_Content
CVE-2023-47668 Description Exposure of Sensitive Informati...
CVE-2023-35777
Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through <= 6.1.2.2...
WordPress GiveWP Plugin <= 3.16.3 is vulnerable to PHP Object Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.16.3; Fixed in: 3.16.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-9634; Patch priority: High; CVSS severity: High 10; Developer: Liquid Web / StellarWP; PSID: a33794a83e6f; Credits: lefab; Required privilege: Unauthenticated...
WordPress GiveWP Plugin <= 3.16.2 is vulnerable to PHP Object Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.16.2; Fixed in: 3.16.3; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-8353; Patch priority: High; CVSS severity: High 10; Developer: Liquid Web / StellarWP; PSID: ab27727ec281; Credits: cuokon; Required privilege: Unauthenticated...
WordPress GiveWP Plugin <= 3.15.1 is vulnerable to Sensitive Data Exposure
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.15.1; Fixed in: 3.16.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6551; Patch priority: Low; CVSS severity: Low 5.3; Developer: Liquid Web / StellarWP; PSID: b91ec157138c; Credits: stealthcopter; Required...
WordPress GiveWP Plugin <= 3.14.1 is vulnerable to Arbitrary File Deletion
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.14.1; Fixed in: 3.14.2; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-5941; Patch priority: Low; CVSS severity: Low 5.4; Developer: Liquid Web / StellarWP; PSID: 0a50b2a00b5f; Credits: villu164; Required privilege...
WordPress GiveWP Plugin <= 3.13.0 is vulnerable to Broken Access Control
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.13.0; Fixed in: 3.14.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5940; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Liquid Web / StellarWP; PSID: c733c510d1d3; Credits: villu164; Required...
WordPress GiveWP Plugin <= 3.14.1 is vulnerable to PHP Object Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.14.1; Fixed in: 3.14.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-37099; Patch priority: High; CVSS severity: High 10; Developer: Liquid Web / StellarWP; PSID: 44652f09d965; Credits: LVT-tholv2k; Required privilege...
WordPress GiveWP Plugin <= 3.13.0 is vulnerable to Insecure Direct Object References (IDOR)
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.13.0; Fixed in: 3.14.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-5977; Patch priority: Low; CVSS severity: Low 5.4; Developer: Liquid Web / StellarWP; PSID: 3e3c50f20b4c; Credits: Thanh Nam Tra...
VulnCheck KEV: CVE-2024-35679
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give. This issue affects GiveWP: from n/a through <= 3.12.0...
WordPress The Events Calendar Plugin < 6.4.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: The Events Calendar; Type: Plugin; Vulnerable versions: < 6.4.0.1; Fixed in: 6.4.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4180; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Liquid Web / StellarWP; PSID: 9ded0dc115b9; Credits: Marc...
CVE-2024-31432
Missing Authorization vulnerability in StellarWP Restrict Content. This issue affects Restrict Content: from n/a through 3.2.8...
CVE-2024-31432
CVE-2024-31432 is a Missing Authorization vulnerability in the StellarWP Restrict Content plugin for WordPress, affecting versions up to 3.2.8. From the provided documents, exploitation details are not disclosed, but the issue allows unauthorized access to restricted content. Remediation, per the...
WordPress Event Tickets Plugin <= 5.8.2 is vulnerable to Broken Access Control
Software: Event Tickets; Type: Plugin; Vulnerable versions: <= 5.8.2; Fixed in: 5.8.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-2261; Patch priority: Low; CVSS severity: Low 4.3; Developer: Liquid Web / StellarWP; PSID: 4127cd4a2b13; Credits: Tim Coen; Required privile...
VulnCheck KEV: CVE-2024-30229
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give. This issue affects GiveWP: from n/a through <= 3.4.2...
WordPress GiveWP Plugin <= 3.4.2 is vulnerable to PHP Object Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.4.2; Fixed in: 3.5.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-30229; Patch priority: Medium; CVSS severity: Medium 8; Developer: Liquid Web / StellarWP; PSID: 9a991fbaf7bc; Credits: Rafie Muhammad Patchstack; Required...
WordPress GiveWP Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.4.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-27987; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Liquid Web / StellarWP; PSID: 221b899ac821; Credits: Rafie Muhammad Patchstack; Required...
VulnCheck KEV: CVE-2024-27987
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give. This issue affects GiveWP: from n/a through <= 3.3.1...
WordPress Event Tickets Plugin <= 5.8.1 is vulnerable to Broken Access Control
Software: Event Tickets; Type: Plugin; Vulnerable versions: <= 5.8.1; Fixed in: 5.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1053; Patch priority: Low; CVSS severity: Low 4.3; Developer: Liquid Web / StellarWP; PSID: ddaccf519ce9; Credits: Muhammad Daffa; Required...