WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

GiveWP – Donation Plugin and Fundraising Platform

2023-01-19
GiveWP < 2.24.1 - Unauthenticated SQLi
Fixed in version 2.24.1
2023-01-19
GiveWP < 2.24.0 - Contributor+ Stored XSS
Fixed in version 2.24.0
2022-07-12
GiveWP < 2.21.0 - Manager+ Arbitrary File Access via Export
Fixed in version 2.21.0
2022-07-12
GiveWP < 2.21.0 - Manager+ Arbitrary File Creation via Export
Fixed in version 2.21.0
2022-07-11
GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting
Fixed in version 2.21.3
2022-07-11
GiveWP < 2.21.3 - DoS via CSRF
Fixed in version 2.21.3
2022-06-20
Give < 2.21.0 - Reflected Cross-Site Scripting
Fixed in version 2.21.0
2022-06-17
GiveWP < 2.21.0 - Donor Information Disclosure
Fixed in version 2.21.0
2022-01-18
Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
Fixed in version 2.17.3
2022-01-18
Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
Fixed in version 2.17.3
2022-01-18
Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
Fixed in version 2.17.3
2021-07-26
GiveWP < 2.12.0 - Admin+ Stored XSS
Fixed in version 2.12.0
2021-04-30
Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)
Fixed in version 2.10.4
2021-03-23
GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS)
Fixed in version 2.10.0
2019-10-30
Give WP < 2.5.10 - Multiple Issues
Fixed in version 2.5.10
2019-09-26
GiveWp < 2.5.5 - Authentication Bypass
Fixed in version 2.5.5
2019-08-12
Give <= 2.5.0 - SQL Injection
Fixed in version 2.5.1
2019-05-15
Give < 2.4.7 - Stored XSS
Fixed in version 2.4.7
2019-02-05
Give <= 2.3.0 - Cross-Site Scripting (XSS)
Fixed in version 2.3.1
2015-04-20
Give - Cross-Site Scripting (XSS)
Fixed in version 0.8.5