WordPress Plugin Vulnerabilities

GiveWP < 2.21.0 - Manager+ Arbitrary File Creation via Export

Description

The plugin does not validate the exported file, which could allow high privilege users such as Managers to create arbitrary files

Affects Plugins

Plugin icon
give
Fixed in 2.21.0

References

CVE
CVE-2022-28700

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
8d2928ae-5410-4aed-ae64-b771f6bc0bdc

Timeline

Publicly Published
2022-07-12 (about 3 years ago)
Added
2022-07-24 (about 3 years ago)
Last Updated
2023-04-20 (about 2 years ago)

Other

Published
Title
Published
2020-10-21
Title
SuperStoreFinder Plugins - Unauthenticated Arbitrary File Upload
Published
2021-10-06
Title
Access Demo Importer < 1.0.7 - Subscriber+ Arbitrary File Upload
Published
2024-07-11
Title
Import Spreadsheets from Microsoft Excel < 10.1.5 - Authenticated (Editor+) Arbitrary File Upload
Published
2024-10-17
Title
Woostagram Connect <= 1.0.2 - Unauthenticated Arbitrary File Upload
Published
2025-12-11
Title
Infility Global < 2.14.43 - Authenticated (Subscriber+) Arbitrary File Upload