WordPress Plugin Vulnerabilities

GiveWP < 2.25.2 - Admin+ Server-Side Request Forgery

Description

The plugin does not validate a parameter before making a request to it, which could allow users with a role of Administrator to perform an SSRF attack.

Affects Plugins

Plugin icon
give
Fixed in 2.25.2

References

CVE
CVE-2022-40312

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
0c63918f-93ac-41e6-ab41-efefab0c4cfe

Timeline

Publicly Published
2023-03-08 (about 3 years ago)
Added
2023-05-09 (about 2 years ago)
Last Updated
2023-05-09 (about 2 years ago)

Other

Published
Title
Published
2023-12-11
Title
affiliate-toolkit < 3.4.3 - Unauthenticated SSRF
Published
2024-03-29
Title
Gutenberg Blocks by Kadence Blocks < 3.2.26 - Authenticated (Author+) Server-Side Request Forgery
Published
2024-07-02
Title
CoBlocks < 3.1.12 - Contributor+ SSRF
Published
2025-02-14
Title
Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme < 3.1.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request
Published
2025-06-19
Title
PowerPress Podcasting < 11.13.12 - Contributor+ Server-Side Request Forgery