givewp — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting givewp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GiveWP is a WordPress donation plugin enabling organizations to collect payments through various gateways. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), privilege escalations, and authentication bypasses. The plugin's 12 recorded CVEs highlight recurring issues in input validation, access control, and insecure deserialization. Notable incidents include multiple critical flaws allowing attackers to execute arbitrary code or compromise administrative accounts, often through insufficient sanitization of user inputs. Despite these vulnerabilities, GiveWP remains widely adopted, necessitating regular updates and careful configuration to mitigate security risks.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-41665 | WordPress GiveWP plugin <= 2.33.0 - GiveWP Manager+ Privilege Escalation vulnerability | GiveWP | CWE-269 | 8.8 | High | 2024-05-17 |
| CVE-2022-40211 | WordPress GiveWP plugin <= 2.25.1 - Cross Site Scripting (XSS) via render_dropdown vulnerability | GiveWP | CWE-79 | 5.9 | Medium | 2024-04-12 |
| CVE-2023-51415 | WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS) | GiveWP – Donation Plugin and Fundraising Platform | CWE-79 | 6.5 | Medium | 2024-02-10 |
| CVE-2023-32513 | WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection | GiveWP – Donation Plugin and Fundraising Platform | CWE-502 | 7.5 | High | 2023-12-28 |
| CVE-2022-40312 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF) | GiveWP – Donation Plugin and Fundraising Platform | CWE-918 | 5.5 | Medium | 2023-12-18 |
| CVE-2023-22719 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to CSV Injection | GiveWP | CWE-1236 | 4.7 | Medium | 2023-11-07 |
| CVE-2023-25450 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Request Forgery (CSRF) | GiveWP – Donation Plugin and Fundraising Platform | CWE-352 | 5.4 | Medium | 2023-06-15 |
| CVE-2023-23668 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Scripting (XSS) | GiveWP | CWE-79 | 6.5 | Medium | 2023-05-08 |
| CVE-2022-31475 | WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability | GiveWP (WordPress plugin) | | 5.5 | Medium | 2022-07-21 |
| CVE-2022-28700 | WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability | GiveWP (WordPress plugin) | | 9.1 | Critical | 2022-07-21 |
| CVE-2021-24315 | Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS) | GiveWP – Donation Plugin and Fundraising Platform | CWE-79 | 4.8 | - | 2021-05-17 |
| CVE-2021-24213 | GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS) | GiveWP – Donation Plugin and Fundraising Platform | CWE-79 | 6.1 | - | 2021-04-12 |

This page lists every published CVE security advisory associated with givewp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.