WordPress Plugin Vulnerabilities

GiveWP < 2.21.0 - Donor Information Disclosure

Description

The plugin exposes a REST endpoint to unauthenticated users and disclosing donor information

Affects Plugins

Plugin icon
give
Fixed in 2.21.0

References

CVE
CVE-2022-2117

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Kane Gamble (Blackfoot UK)
Verified
Yes
WPVDB ID
8488ac9c-6357-457c-8b4f-7563af8120ee

Timeline

Publicly Published
2022-06-17 (about 3 years ago)
Added
2022-06-17 (about 3 years ago)
Last Updated
2023-03-23 (about 2 years ago)

Other

Published
Title
Published
2025-11-09
Title
Restaurant Menu by MotoPress < 2.4.8 - Authenticated (Subscriber+) Information Exposure
Published
2024-04-07
Title
Slideshow Gallery < 1.8.1 - Unauthenticated Sensitive Information Exposure
Published
2024-07-08
Title
Social Sharing Plugin – Kiwi < 2.1.8 - Information Disclosure
Published
2025-09-22
Title
Envíos Coordinadora Woocommerce <= 1.1.32 - Unauthenticated Sensitive Information Exposure
Published
2025-07-16
Title
JetEngine < 3.7.1.1 - Authenticated (Subscriber+) Information Exposure