GiveWP
StellarWP
Developer
4.14.4
Latest version
100,000
Installations
No date
Last updated
Vulnerability history
0 present
64 patched
29 Mitigation rules
- WordPress GiveWP - Donation Plugin and Fundraising Platform plugin <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability<= 3.14.102/02/2026
- Arbitrary Shortocde Execution vulnerability<= 4.13.108/01/2026
- WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.6.0 - Unauthenticated Donor Data Exposure vulnerability<= 4.6.031/12/2025
- Unauthenticated PHP Object Injection vulnerability<= 3.19.231/12/2025
- Cross Site Request Forgery (CSRF) vulnerability<= 4.13.123/12/2025
- WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability<= 4.13.018/11/2025
- Missing Authorization to Unauthenticated Forms and Campaigns Disclosure vulnerability<= 4.10.003/10/2025
- Missing Authorization to Unauthenticated Forms-Campaign Association vulnerability<= 4.10.003/10/2025
- Missing Authorization to Donation Update vulnerability<= 4.5.020/08/2025
- PII Sensitive Data Exposure vulnerability< 4.6.101/08/2025
- Authenticated (GiveWP worker+) Stored Cross-Site Scripting vulnerability<= 4.5.030/07/2025
- Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification vulnerability<= 4.3.019/06/2025
- Authenticated (Subscriber+) Sensitive Information Exposure vulnerability<= 3.22.124/03/2025
- Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function vulnerability<= 3.22.018/03/2025
- Unauthenticated PHP Object Injection vulnerability<= 3.19.403/03/2025
- PHP Object Injection vulnerability<= 3.19.310/01/2025
- Reflected XSS vulnerability< 3.19.027/12/2024
- Unauthenticated PHP Object Injection to Remote Code Execution vulnerability<= 3.16.315/10/2024
- Unauthenticated PHP Object Injection to Remote Code Execution (RCE) vulnerability<= 3.16.130/09/2024
- Authenticated (GiveWP Manager+) SQL Injection via order Parameter vulnerability<= 3.16.127/09/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.15.125/09/2024
- Unauthenticated Full Path Disclosure vulnerability<= 3.15.129/08/2024
- Missing Authorization to Authenticated (Subscriber+) Limited File Deletion vulnerability<= 3.14.120/08/2024
- Missing Authorization to Unauthenticated Event Settings Update vulnerability<= 3.13.020/08/2024
- Missing Authorization to Limited Information Exposure vulnerability<= 3.13.020/08/2024
- Unauthenticated PHP Object Injection to Remote Code Execution (RCE) vulnerability<= 3.14.109/08/2024
- Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions vulnerability<= 3.13.019/07/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.12.006/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.10.020/05/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.6.115/04/2024
- PHP Object Injection vulnerability<= 3.4.226/03/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.5.120/03/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.3.115/03/2024
- Cross Site Scripting (XSS) vulnerability<= 3.2.219/01/2024
- Cross-Site Request Forgery (CSRF) to Stripe Integration Deletion vulnerability<= 2.33.331/10/2023
- Cross-Site Request Forgery (CSRF) to plugin installation vulnerability<= 2.33.331/10/2023
- Cross-Site Request Forgery (CSRF) to plugin deactivation vulnerability<= 2.33.331/10/2023
- Broken Access Control vulnerability<= 2.33.131/10/2023
- GiveWP Manager+ Privilege Escalation vulnerability<= 2.33.004/09/2023
- WordPress Give - Donation Plugin plugin <= 2.25.3 - PHP Object Injection vulnerability<= 2.25.309/05/2023
- Cross Site Request Forgery (CSRF) vulnerability<= 2.25.227/03/2023
- Cross Site Scripting (XSS) via render_dropdown vulnerability<= 2.25.110/03/2023
- Server Side Request Forgery (SSRF) vulnerability<= 2.25.110/03/2023
- CSV Injection vulnerability<= 2.25.110/03/2023
- Arbitrary Content Deletion vulnerability<= 2.25.110/03/2023
- Contributor+ Cross Site Scripting (XSS) vulnerability<= 2.25.110/03/2023
- Cross Site Request Forgery (CSRF) via give_cache_flush vulnerability<= 2.25.110/03/2023
- Unauthenticated SQL Injection Vulnerability<= 2.23.218/01/2023
- Authenticated Arbitrary File Read via Export function vulnerability<= 2.20.212/07/2022
- Authenticated Arbitrary File Creation via Export function vulnerability<= 2.20.212/07/2022
- DoS via Cross-Site Request Forgery (CSRF) vulnerability<= 2.21.211/07/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.21.211/07/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.20.220/06/2022
- Donor Information Disclosure vulnerability<= 2.20.217/06/2022
- Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 2.17.218/01/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.17.218/01/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.17.218/01/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.11.326/07/2021
- Authenticated Persistent Cross-Site Scripting (XSS) vulnerability<= 2.10.121/04/2021
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.9.723/03/2021
- Authentication Bypass<= 2.5.426/09/2019
- SQL Injection (SQLi) vulnerability<= 2.5.012/08/2019
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.3.012/03/2019
- Cross Site Scripting (XSS)<= 0.8.420/04/2015