CVE-2026-42642 WordPress GiveWP plugin <= 4.14.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through = 4.14.5...

WordPress GiveWP - Donation Plugin and Fundraising Platform plugin <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability

WordPress GiveWP - Donation Plugin and Fundraising Platform plugin = 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability discovered by villu164 in WordPress Plugin GiveWP versions = 3.14.1...

WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.6.0 - Unauthenticated Donor Data Exposure vulnerability

WordPress GiveWP - Donation plugin and Fundraising Platform plugin = 4.6.0 - Unauthenticated Donor Data Exposure vulnerability discovered by WordFence in WordPress Plugin GiveWP versions = 4.6.0...

WordPress GiveWP plugin <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions vulnerability

Insecure Direct Object Reference to Authenticated GiveWP Worker+ Arbitrary Post Actions vulnerability discovered by Thanh Nam Tran in WordPress Plugin GiveWP versions = 3.13.0...

WordPress GiveWP Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)

Software GiveWP Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1957 Patch priority Low CVSS severity Low 6.5 Developer Liquid Web / StellarWP PSID f3cbd83f12af Credits Ngô Thiên An ancorn Requir...

WordPress GiveWP Plugin <= 2.33.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software GiveWP Type Plugin Vulnerable versions = 2.33.3 Fixed in 2.33.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4247 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID fe1779b76e9b Credits Marco Wotschka...

WordPress GiveWP Plugin <= 2.33.0 is vulnerable to Privilege Escalation

Software GiveWP Type Plugin Vulnerable versions = 2.33.0 Fixed in 2.33.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-41665 Patch priority High CVSS severity High 7.2 Developer Liquid Web / StellarWP PSID db573163f3a2 Credits Rafie...