WordPress Plugin Vulnerabilities

GiveWP < 2.33.2 - Missing Authorization via handleBeforeGateway

Description

The GiveWP plugin for WordPress is vulnerable to unauthorized donation form access due to a missing check on the handleBeforeGateway function that would ensure that a donation form can be used and is not trashed in versions up to, and including, 2.33.1. There is no real security impact, but such trashed donation forms could still receive donations in vulnerable versions.

Affects Plugins

Plugin icon
give
Fixed in 2.33.2

References

CVE
CVE-2023-47183
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3b6b1b7e-2ba4-4b72-9e3d-b54c00437cac

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
ebf00b36-e8cc-4315-af6c-b7ef304f927b

Timeline

Publicly Published
2023-10-31 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2023-09-20
Title
Inactive Logout < 3.2.3 - Missing Authorization
Published
2025-03-03
Title
Animation Addons for Elementor Pro < 1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
Published
2024-04-19
Title
Active Products Tables for WooCommerce < 1.0.6.3 - Missing Authorization
Published
2023-11-22
Title
Super Progressive Web Apps < 2.2.22 - Missing Authorization
Published
2025-09-30
Title
SMS Contact Form 7 Notifications by ClickSend <= 1.4.0 - Missing Authorization