GiveWP
StellarWP
Developer
4.13.1
Latest version
100,000
Installations
Nov 18, 2025
Last updated
Vulnerability history
0 present
59 fixed
26 Mitigation rules
- WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability<= 4.13.0Nov 18, 2025
- Missing Authorization to Unauthenticated Forms and Campaigns Disclosure vulnerability<= 4.10.0Oct 3, 2025
- Missing Authorization to Unauthenticated Forms-Campaign Association vulnerability<= 4.10.0Oct 3, 2025
- Missing Authorization to Donation Update vulnerability<= 4.5.0Aug 20, 2025
- PII Sensitive Data Exposure vulnerability< 4.6.1Aug 1, 2025
- Authenticated (GiveWP worker+) Stored Cross-Site Scripting vulnerability<= 4.5.0Jul 30, 2025
- Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification vulnerability<= 4.3.0Jun 19, 2025
- Authenticated (Subscriber+) Sensitive Information Exposure vulnerability<= 3.22.1Mar 24, 2025
- Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function vulnerability<= 3.22.0Mar 18, 2025
- Unauthenticated PHP Object Injection vulnerability<= 3.19.4Mar 3, 2025
- PHP Object Injection vulnerability<= 3.19.3Jan 10, 2025
- Reflected XSS vulnerability< 3.19.0Dec 27, 2024
- Unauthenticated PHP Object Injection to Remote Code Execution vulnerability<= 3.16.3Oct 15, 2024
- Unauthenticated PHP Object Injection to Remote Code Execution (RCE) vulnerability<= 3.16.1Sep 30, 2024
- Authenticated (GiveWP Manager+) SQL Injection via order Parameter vulnerability<= 3.16.1Sep 27, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.15.1Sep 25, 2024
- Unauthenticated Full Path Disclosure vulnerability<= 3.15.1Aug 29, 2024
- Missing Authorization to Authenticated (Subscriber+) Limited File Deletion vulnerability<= 3.14.1Aug 20, 2024
- Missing Authorization to Unauthenticated Event Settings Update vulnerability<= 3.13.0Aug 20, 2024
- Missing Authorization to Limited Information Exposure vulnerability<= 3.13.0Aug 20, 2024
- Unauthenticated PHP Object Injection to Remote Code Execution (RCE) vulnerability<= 3.14.1Aug 9, 2024
- Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions vulnerability<= 3.13.0Jul 19, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.12.0Jun 6, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.10.0May 20, 2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.6.1Apr 15, 2024
- PHP Object Injection vulnerability<= 3.4.2Mar 26, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.5.1Mar 20, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.3.1Mar 15, 2024
- Cross Site Scripting (XSS) vulnerability<= 3.2.2Jan 19, 2024
- Cross-Site Request Forgery (CSRF) to Stripe Integration Deletion vulnerability<= 2.33.3Oct 31, 2023
- Cross-Site Request Forgery (CSRF) to plugin installation vulnerability<= 2.33.3Oct 31, 2023
- Cross-Site Request Forgery (CSRF) to plugin deactivation vulnerability<= 2.33.3Oct 31, 2023
- Broken Access Control vulnerability<= 2.33.1Oct 31, 2023
- GiveWP Manager+ Privilege Escalation vulnerability<= 2.33.0Sep 4, 2023
- WordPress Give - Donation Plugin plugin <= 2.25.3 - PHP Object Injection vulnerability<= 2.25.3May 9, 2023
- Cross Site Request Forgery (CSRF) vulnerability<= 2.25.2Mar 27, 2023
- Cross Site Scripting (XSS) via render_dropdown vulnerability<= 2.25.1Mar 10, 2023
- Server Side Request Forgery (SSRF) vulnerability<= 2.25.1Mar 10, 2023
- CSV Injection vulnerability<= 2.25.1Mar 10, 2023
- Arbitrary Content Deletion vulnerability<= 2.25.1Mar 10, 2023
- Contributor+ Cross Site Scripting (XSS) vulnerability<= 2.25.1Mar 10, 2023
- Cross Site Request Forgery (CSRF) via give_cache_flush vulnerability<= 2.25.1Mar 10, 2023
- Unauthenticated SQL Injection Vulnerability<= 2.23.2Jan 18, 2023
- Authenticated Arbitrary File Read via Export function vulnerability<= 2.20.2Jul 12, 2022
- Authenticated Arbitrary File Creation via Export function vulnerability<= 2.20.2Jul 12, 2022
- DoS via Cross-Site Request Forgery (CSRF) vulnerability<= 2.21.2Jul 11, 2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.21.2Jul 11, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.20.2Jun 20, 2022
- Donor Information Disclosure vulnerability<= 2.20.2Jun 17, 2022
- Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 2.17.2Jan 18, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.17.2Jan 18, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.17.2Jan 18, 2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.11.3Jul 26, 2021
- Authenticated Persistent Cross-Site Scripting (XSS) vulnerability<= 2.10.1Apr 21, 2021
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.9.7Mar 23, 2021
- Authentication Bypass<= 2.5.4Sep 26, 2019
- SQL Injection (SQLi) vulnerability<= 2.5.0Aug 12, 2019
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.3.0Mar 12, 2019
- Cross Site Scripting (XSS)<= 0.8.4Apr 20, 2015