WordPress Plugin Vulnerabilities

GiveWP < 2.25.2 - Contributor+ Arbitrary Content Deletion

Description

The plugin does not correctly authorize some actions, allowing low-privileged users to delete content from the site which they should not be permitted to delete.

Affects Plugins

Plugin icon
give
Fixed in 2.25.2

References

CVE
CVE-2023-23672

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
5.5 (medium)

Miscellaneous

Original Researcher
Rafshanzani Suhada
Verified
No
WPVDB ID
88c8b259-9fc5-48d1-af0c-36b891c4dae7

Timeline

Publicly Published
2023-03-10 (about 3 years ago)
Added
2023-05-09 (about 3 years ago)
Last Updated
2023-05-09 (about 3 years ago)

Other

Published
Title
Published
2025-09-11
Title
Recipe Card Blocks for Gutenberg & Elementor < 3.4.9 - Incorrect Authorization
Published
2023-12-14
Title
Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure
Published
2023-08-14
Title
Media from FTP < 11.17 - Author+ Arbitrary File Access
Published
2024-03-01
Title
GenerateBlocks < 1.8.3 - Contributor+ Arbitrary Draft/Private Post Access
Published
2022-11-14
Title
Transposh WordPress Translation <= 1.0.8 - Settings Update via Authorization Bypass