Update the WordPress GiveWP plugin to the latest available version (at least 2.21.0).
Rafie Muhammad (Patchstack) discovered and reported this Directory Traversal vulnerability in WordPress GiveWP Plugin. This could allow a malicious actor to see all files in a given directory or determine if certain files/directories exist in given folder. This can be used to exploit other weaknesses in the system This vulnerability has been fixed in version 2.21.0.
Cross Site Scripting (XSS) via render_dropdown vulnerability
10.03.2023
Server Side Request Forgery (SSRF) vulnerability
10.03.2023
CSV Injection vulnerability
10.03.2023
Arbitrary Content Deletion vulnerability
10.03.2023
Contributor+ Cross Site Scripting (XSS) vulnerability
10.03.2023
Cross Site Request Forgery (CSRF) via give_cache_flush vulnerability
10.03.2023