Filtered by vendor Givewp
Subscriptions
Filtered by product Givewp
Subscriptions
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47315 | 1 Givewp | 1 Givewp | 2024-09-30 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1. | ||||
| CVE-2024-5939 | 1 Givewp | 1 Givewp | 2024-09-03 | 5.3 Medium |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to read the setup wizard administrative pages. | ||||
| CVE-2024-5932 | 1 Givewp | 1 Givewp | 2024-08-26 | 10 Critical |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files. | ||||
| CVE-2024-5941 | 1 Givewp | 1 Givewp | 2024-08-26 | 5.4 Medium |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.14.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read attachment paths and delete attachment files. | ||||
| CVE-2024-5940 | 2 Givewp, Webdevmattcrom | 2 Givewp, Givewp Donation Plugin And Fundraising Platform | 2024-08-26 | 6.5 Medium |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to edit event ticket settings if the Events beta feature is enabled. | ||||