Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

GiveWP – Donation Plugin and Fundraising Platform — Vulnerabilities & Security Advisories 39

All 39 CVE vulnerabilities found in GiveWP – Donation Plugin and Fundraising Platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: GiveWP

CVE IDTitleCVSSSeverityPublished
CVE-2025-13206 GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' CWE-79 7.2 High2025-11-19
CVE-2025-11228 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association CWE-862 5.3 Medium2025-10-04
CVE-2025-11227 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure CWE-285 6.5 Medium2025-10-04
CVE-2025-7221 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update CWE-285 4.3 Medium2025-08-21
CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure CWE-200 5.3 Medium2025-08-06
CVE-2025-7205 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting CWE-79 5.4 Medium2025-07-31
CVE-2025-4571 GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification CWE-862 5.4 Medium2025-06-19
CVE-2025-2331 GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure CWE-200 5.3 Medium2025-03-22
CVE-2025-2025 Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function CWE-862 6.5 Medium2025-03-15
CVE-2025-0912 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection CWE-502 9.8 Critical2025-03-04
CVE-2024-12877 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection CWE-502 9.8 Critical2025-01-11
CVE-2024-9634 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution CWE-502 9.8 Critical2024-10-16
CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection CWE-502 9.8 Critical2024-09-28
CVE-2024-9130 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter CWE-89 7.2 High2024-09-27
CVE-2024-6551 GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure CWE-200 5.3 Medium2024-08-29
CVE-2024-5940 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update CWE-862 6.5 Medium2024-08-20
CVE-2024-5939 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Limited Information Exposure CWE-862 5.3 Medium2024-08-20
CVE-2024-5932 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution CWE-502 10.0 Critical2024-08-20
CVE-2024-5941 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion CWE-862 5.4 Medium2024-08-20
CVE-2024-5977 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions CWE-639 5.4 Medium2024-07-19
CVE-2024-3714 GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-18
CVE-2024-1957 GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 -- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-04-13
CVE-2024-1424 GiveWP – Donation Plugin and Fundraising Platform <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-04-09
CVE-2023-51415 WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS) CWE-79 6.5 Medium2024-02-10
CVE-2023-4247 GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin deactivation CWE-352 5.4 Medium2024-01-11
CVE-2023-4246 GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin installation CWE-352 4.3 Medium2024-01-11
CVE-2023-4248 GiveWP <= 2.33.3 - Cross-Site Request Forgery to Stripe Integration Deletion CWE-352 5.4 Medium2024-01-11
CVE-2023-32513 WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection CWE-502 7.5 High2023-12-28
CVE-2022-40312 WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF) CWE-918 5.5 Medium2023-12-18
CVE-2023-25450 WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352 5.4 Medium2023-06-15

All 39 known CVE vulnerabilities affecting GiveWP – Donation Plugin and Fundraising Platform with full Chinese analysis, references, and POCs where available.