Plugin icon

GiveWP – Donation Plugin and Fundraising Platform

give

Vulnerabilities:

63

Last Updated:

December 8, 2025

Active Installs:

100000

Published
Title
Fixed in
CVSS
Published
2026-01-08
Title
GiveWP < 4.13.2 - Unauthenticated Arbitrary Shortcode Execution
Fixed in
Fixed in 4.13.2
CVSS
6.5 (medium)
Published
2025-12-23
Title
GiveWP < 4.13.2 - Cross-Site Request Forgery
Fixed in
Fixed in 4.13.2
CVSS
4.3 (medium)
Published
2025-11-18
Title
GiveWP < 4.13.1 - Unauthenticated Stored XSS via 'name'
Fixed in
Fixed in 4.13.1
CVSS
7.2 (high)
Published
2025-10-03
Title
GiveWP – Donation Plugin and Fundraising Platform < 4.10.1 - Missing Authorization to Unauthenticated Forms-Campaign Association
Fixed in
Fixed in 4.10.1
CVSS
5.3 (medium)
Published
2025-10-03
Title
GiveWP < 4.10.1 - Unauthenticated Forms and Campaigns Disclosure
Fixed in
Fixed in 4.10.1
CVSS
5.3 (medium)
Published
2025-08-20
Title
GiveWP < 4.6.1 - Missing Authorization to Donation Update
Fixed in
Fixed in 4.6.1
CVSS
4.3 (medium)
Published
2025-08-05
Title
GiveWP – Donation Plugin and Fundraising Platform < 4.6.1 - Unauthenticated Donor Data Exposure
Fixed in
Fixed in 4.6.1
CVSS
5.3 (medium)
Published
2025-07-30
Title
GiveWP – Donation Plugin and Fundraising Platform < 4.6.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting
Fixed in
Fixed in 4.6.0
CVSS
5.4 (medium)
Published
2025-06-18
Title
GiveWP – Donation Plugin and Fundraising Platform < 4.3.1 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification
Fixed in
Fixed in 4.3.1
CVSS
5.4 (medium)
Published
2025-03-21
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.22.2 - Authenticated (Subscriber+) Sensitive Information Exposure
Fixed in
Fixed in 3.22.2
CVSS
5.3 (medium)
Published
2025-03-14
Title
Give < 3.22.1 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function
Fixed in
Fixed in 3.22.1
CVSS
6.5 (medium)
Published
2025-03-03
Title
GiveWP < 3.20.0 - Unauthenticated PHP Object Injection
Fixed in
Fixed in 3.20.0
CVSS
9.8 (critical)
Published
2025-01-10
Title
GiveWP < 3.19.4 - Unauthenticated PHP Object Injection
Fixed in
Fixed in 3.19.4
CVSS
8.1 (high)
Published
2025-01-10
Title
GiveWP < 3.19.3 - Unauthenticated PHP Object Injection
Fixed in
Fixed in 3.19.3
CVSS
8.1 (high)
Published
2024-12-06
Title
Give < 3.19.0 - Reflected XSS
Fixed in
Fixed in 3.19.0
CVSS
7.1 (high)
Published
2024-10-15
Title
GiveWP < 3.16.4 - Unauthenticated PHP Object Injection to Remote Code Execution
Fixed in
Fixed in 3.16.4
CVSS
9.8 (critical)
Published
2024-09-27
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.16.2 - Unauthenticated PHP Object Injection
Fixed in
Fixed in 3.16.2
CVSS
9.0 (critical)
Published
2024-09-26
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.16.2 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter
Fixed in
Fixed in 3.16.2
CVSS
6.0 (medium)
Published
2024-09-25
Title
GiveWP < 3.16.0 - Cross-Site Request Forgery
Fixed in
Fixed in 3.16.0
CVSS
4.3 (medium)
Published
2024-08-28
Title
GiveWP < 3.16.0 - Unauthenticated Full Path Disclosure
Fixed in
Fixed in 3.16.0
CVSS
5.3 (medium)
Published
2024-08-19
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.14.2 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion
Fixed in
Fixed in 3.14.2
CVSS
5.4 (medium)
Published
2024-08-19
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.14.0 - Missing Authorization to Unauthenticated Event Settings Update
Fixed in
Fixed in 3.14.0
CVSS
6.5 (medium)
Published
2024-08-19
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.14.0 - Missing Authorization to Limited Information Exposure
Fixed in
Fixed in 3.14.0
CVSS
5.3 (medium)
Published
2024-08-19
Title
GiveWP < 3.14.2 - Unauthenticated PHP Object Injection to RCE
Fixed in
Fixed in 3.14.2
CVSS
10.0 (critical)
Published
2024-07-18
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.14.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions
Fixed in
Fixed in 3.14.0
CVSS
5.4 (medium)
Published
2024-06-06
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.12.1 - Reflected Cross-Site Scripting
Fixed in
Fixed in 3.12.1
CVSS
6.1 (medium)
Published
2024-05-17
Title
GiveWP < 3.11.0 - Contributor+ Stored XSS
Fixed in
Fixed in 3.11.0
CVSS
5.9 (medium)
Published
2024-04-26
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.5.0 - Authenticated (GiveWP Manager+) PHP Object Injection
Fixed in
Fixed in 3.5.0
CVSS
8.8 (high)
Published
2024-04-12
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.7.0 - Contributor+ Stored Cross-Site Scripting via Shortcode
Fixed in
Fixed in 3.7.0
CVSS
6.4 (medium)
Published
2024-03-19
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.6.0 - Contributor+ Stored XSS
Fixed in
Fixed in 3.6.0
CVSS
6.4 (medium)
Published
2024-03-15
Title
GiveWP < 3.4.0 - Reflected Cross-Site Scripting
Fixed in
Fixed in 3.4.0
CVSS
7.1 (high)
Published
2024-01-19
Title
GiveWP < 3.3.0 - Contributor+ Stored XSS
Fixed in
Fixed in 3.3.0
CVSS
6.4 (medium)
Published
2023-10-31
Title
GiveWP < 2.33.2 - Missing Authorization via handleBeforeGateway
Fixed in
Fixed in 2.33.2
CVSS
5.3 (medium)
Published
2023-10-31
Title
GiveWP < 2.33.4 - Cross-Site Request Forgery to plugin deactivation
Fixed in
Fixed in 2.33.4
CVSS
5.4 (medium)
Published
2023-10-31
Title
GiveWP < 2.33.4 - Cross-Site Request Forgery to Stripe Integration Deletion
Fixed in
Fixed in 2.33.4
CVSS
5.4 (medium)
Published
2023-10-31
Title
GiveWP < 2.33.4 - Cross-Site Request Forgery to plugin installation
Fixed in
Fixed in 2.33.4
CVSS
4.3 (medium)
Published
2023-08-31
Title
Give - Donation Plugin < 2.33.1 - Authenticated(Give Manager+) Privilege Escalation
Fixed in
Fixed in 2.33.1
CVSS
7.2 (high)
Published
2023-03-23
Title
GiveWP < 2.25.3 - Cross-Site Request Forgery
Fixed in
Fixed in 2.25.3
CVSS
4.3 (medium)
Published
2023-03-10
Title
GiveWP < 2.25.2 - Contributor+ Arbitrary Content Deletion
Fixed in
Fixed in 2.25.2
CVSS
5.5 (medium)
Published
2023-03-10
Title
GiveWP < 2.25.2 - Cross-Site Request Forgery
Fixed in
Fixed in 2.25.2
CVSS
5.4 (medium)
Published
2023-03-10
Title
GiveWP < 2.25.2 - Author+ Stored Cross-Site Scripting
Fixed in
Fixed in 2.25.2
CVSS
6.8 (medium)
Published
2023-03-08
Title
GiveWP < 2.25.2 - Contributor+ Stored XSS
Fixed in
Fixed in 2.25.2
CVSS
6.8 (medium)
Published
2023-03-08
Title
GiveWP < 2.25.2 - Admin+ Server-Side Request Forgery
Fixed in
Fixed in 2.25.2
CVSS
4.1 (medium)
Published
2023-01-19
Title
GiveWP < 2.24.0 - Contributor+ Stored XSS
Fixed in
Fixed in 2.24.0
CVSS
6.8 (medium)
Published
2023-01-19
Title
GiveWP < 2.24.1 - Unauthenticated SQLi
Fixed in
Fixed in 2.24.1
CVSS
8.6 (high)
Published
2022-07-12
Title
GiveWP < 2.21.0 - Manager+ Arbitrary File Creation via Export
Fixed in
Fixed in 2.21.0
CVSS
7.6 (high)
Published
2022-07-12
Title
GiveWP < 2.21.0 - Manager+ Arbitrary File Access via Export
Fixed in
Fixed in 2.21.0
CVSS
4.9 (medium)
Published
2022-07-11
Title
GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting
Fixed in
Fixed in 2.21.3
CVSS
3.4 (low)
Published
2022-07-11
Title
GiveWP < 2.21.3 - DoS via CSRF
Fixed in
Fixed in 2.21.3
CVSS
3.1 (low)
Published
2022-06-20
Title
Give < 2.21.0 - Reflected Cross-Site Scripting
Fixed in
Fixed in 2.21.0
CVSS
6.1 (medium)
Published
2022-06-17
Title
GiveWP < 2.21.0 - Donor Information Disclosure
Fixed in
Fixed in 2.21.0
CVSS
5.3 (medium)
Published
2022-01-18
Title
Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
Fixed in
Fixed in 2.17.3
CVSS
6.1 (medium)
Published
2022-01-18
Title
Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
Fixed in
Fixed in 2.17.3
CVSS
4.7 (medium)
Published
2022-01-18
Title
Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
Fixed in
Fixed in 2.17.3
CVSS
7.5 (high)
Published
2021-07-26
Title
GiveWP < 2.12.0 - Admin+ Stored XSS
Fixed in
Fixed in 2.12.0
CVSS
4.8 (medium)
Published
2021-04-30
Title
Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)
Fixed in
Fixed in 2.10.4
CVSS
5.5 (medium)
Published
2021-03-23
Title
GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)
Fixed in
Fixed in 2.10.0
CVSS
7.1 (high)
Published
2019-10-30
Title
Give WP < 2.5.10 - Multiple Issues
Fixed in
Fixed in 2.5.10
CVSS
8.6 (high)
Published
2019-09-26
Title
GiveWp < 2.5.5 - Authentication Bypass
Fixed in
Fixed in 2.5.5
CVSS
7.5 (high)
Published
2019-08-12
Title
Give <= 2.5.0 - SQL Injection
Fixed in
Fixed in 2.5.1
CVSS
9.8 (critical)
Published
2019-05-15
Title
Give < 2.4.7 - Stored XSS
Fixed in
Fixed in 2.4.7
CVSS
5.4 (medium)
Published
2019-02-05
Title
Give <= 2.3.0 - Cross-Site Scripting (XSS)
Fixed in
Fixed in 2.3.1
CVSS
6.1 (medium)
Published
2015-04-20
Title
Give - Cross-Site Scripting (XSS)
Fixed in
Fixed in 0.8.5
CVSS
n/a