Update the WordPress GiveWP plugin to the latest available version (at least 2.21.0).
Rafie Muhammad (Patchstack) discovered and reported this Arbitrary File Upload vulnerability in WordPress GiveWP Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 2.21.0.
Cross Site Scripting (XSS) via render_dropdown vulnerability
10.03.2023
Server Side Request Forgery (SSRF) vulnerability
10.03.2023
CSV Injection vulnerability
10.03.2023
Arbitrary Content Deletion vulnerability
10.03.2023
Contributor+ Cross Site Scripting (XSS) vulnerability
10.03.2023
Cross Site Request Forgery (CSRF) via give_cache_flush vulnerability
10.03.2023