Product
givewp
61 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-13206
CVE-2025-11228
CVE-2025-11227
CVE-2025-7221
CVE-2025-8620
CVE-2025-7205
CVE-2025-4571
CVE-2025-2331
CVE-2025-2025
CVE-2025-0912
CVE-2025-22777
CVE-2024-12877
CVE-2023-23672
CVE-2023-47183
CVE-2024-11921
CVE-2024-9634
CVE-2024-8353
CVE-2024-9130
CVE-2024-47315
CVE-2024-6551
CVE-2024-5941
CVE-2024-5940
CVE-2024-5939
CVE-2024-5932
CVE-2024-37099
CVE-2024-5977
CVE-2024-35679
CVE-2024-3714
CVE-2023-41665
CVE-2024-1957
CVE-2022-40211
CVE-2024-1424
CVE-2024-30229
CVE-2024-27987
CVE-2023-51415
CVE-2023-0224
CVE-2023-4248
CVE-2023-4247
CVE-2023-4246
CVE-2023-32513
CVE-2022-40312
CVE-2023-22719
CVE-2023-25450
CVE-2023-23668
CVE-2022-4448
CVE-2022-2260
CVE-2022-2215
CVE-2022-31475
CVE-2022-28700
CVE-2022-2117
CVE-2022-0252
CVE-2021-25100
CVE-2021-25099
CVE-2021-24524
CVE-2021-24315
CVE-2021-24213
CVE-2020-20627
CVE-2019-20360
CVE-2019-15317
CVE-2019-13578
CVE-2019-9909
< 4.13.1
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the �
< 4.10.1
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due
< 4.10.1
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions u
< 4.6.1
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due
< 4.6.1
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions u
< 4.6.0
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the do
< 4.3.1
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of
< 3.22.2
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all
< 3.22.1
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a m
< 3.20.0
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via d
< 3.19.4
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection.This issue affects GiveWP: from n
<= 3.19.2
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions u
< 2.25.2
Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1.
< 2.33.2
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Leve
< 3.19.0
The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading
< 3.16.4
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions u
< 3.16.2
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions u
< 3.16.2
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘or
< 3.16.0
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.15.1.
< 3.16.0
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions u
< 3.14.2
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of da
< 3.14.0
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due
< 3.14.0
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a m
< 3.14.2
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions u
< 3.14.2
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a t
< 3.14.0
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in al
< 3.12.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give.This i
< 3.11.0
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl
< 2.33.1
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33
< 3.7.0
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl
< 2.25.2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.Thi
< 3.6.0
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl
< 3.5.0
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.4.2.
< 3.4.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give.This i
<= 3.2.2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP - Donation Plu
< 2.24.1
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unaut
<= 2.33.3
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due
<= 2.33.3
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due
<= 2.33.3
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due
<= 2.25.3
Deserialization of Untrusted Data vulnerability in GiveWP - Donation Plugin and Fundraising Platform.This issue affects Giv
<= 2.25.1
Server-Side Request Forgery (SSRF) vulnerability in GiveWP - Donation Plugin and Fundraising Platform.This issue affects Gi
<= 2.25.1
Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25
< 2.25.2
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP - Donation Plugin and Fundraising Platform plugin <= 2.25.1 vers
< 2.25.2
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.
< 2.24.0
The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them bac
< 2.21.3
The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting par
< 2.21.3
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high priv
< 2.21.0
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at Wo
< 2.21.0
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
<= 2.20.2
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the
< 2.17.3
The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Impo
< 2.17.3
The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donatio
< 2.17.3
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the resp
< 2.12.0
The GiveWP - Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of
< 2.10.4
The GiveWP - Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Ima
>= 2.4.0 and < 2.10.0
The GiveWP - Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Script
<= 2.5.9
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated
< 2.5.5
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access per
< 2.4.7
The give plugin before 2.4.7 for WordPress has XSS via a donor name.
<= 2.5.0
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of thi
< 2.3.1
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.