WordPress Plugin Vulnerabilities

GiveWp < 2.5.5 - Authentication Bypass

Description

The weakness allowed unauthenticated users to bypass API authentication methods and potentially access personally identifiable user information (PII) like names, addresses, IP addresses, and email addresses which should not be publicly accessible.

Affects Plugins

Plugin icon
give
Fixed in 2.5.5

References

CVE
CVE-2019-20360
URL
https://www.wordfence.com/blog/2019/09/authentication-bypass-vulnerability-in-givewp-plugin/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Wordfence
Verified
No
WPVDB ID
12b672bd-5c7a-47b9-a232-17fed88595a9

Timeline

Publicly Published
2019-09-26 (about 6 years ago)
Added
2019-09-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-10-14
Title
WP 2FA with Telegram < 3.1 - Two-Factor Authentication Bypass
Published
2025-09-29
Title
LatePoint < 5.2.0 - Unauthenticated Authentication Bypass
Published
2025-10-14
Title
Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Published
2016-06-06
Title
OneLogin SAML SSO <= 2.1.5 - Authentication Bypass
Published
2024-10-25
Title
Realty Workstation <= 1.0.45 - Authentication Bypass to Account Takeover