GiveWP 漏洞列表
共找到 6 个与 GiveWP 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2021-25099: WordPress GiveWP <2.17.3 - Cross-Site Scripting POC
WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. -
CVE-2024-5932: GiveWP - PHP Object Injection POC
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. -
CVE-2024-8353: GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection POC
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which may allow them to execute arbitrary PHP code, depending on the presence of a suitable POP chain on the target system. This vulnerability could lead to full site compromise. -
CVE-2021-25099: WordPress GiveWP <2.17.3 - Cross-Site Scripting POC
WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. -
CVE-2024-5932: GiveWP - PHP Object Injection POC
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. -
CVE-2024-8353: GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection POC
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which may allow them to execute arbitrary PHP code, depending on the presence of a suitable POP chain on the target system. This vulnerability could lead to full site compromise.