12 vulnerabilities found for GiveWP – Donation Plugin and Fundraising Platform by Unknown
CVE-2022-2260 (GCVE-0-2022-2260)
Vulnerability from cvelistv5 – Published: 2022-08-01 12:50 – Updated: 2024-08-03 00:32
Title
GiveWP < 2.21.3 - DoS via CSRF
Summary
The GiveWP WordPress plugin before 2.21.3 does not have CSRF checks in place when exporting data, and does not validate the export parameters such as dates. This could allow attackers to make a logged-in admin DoS the web server via a CSRF attack, as the plugin will try to retrieve data from the database many times, which can overwhelm the target's CPU.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.21.3 (recorded as version 2.21.3, lessThan 2.21.3; versionType custom) |
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.21.3",
"status": "affected",
"version": "2.21.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target\u0027s CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:50:58",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GiveWP \u003c 2.21.3 - DoS via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2260",
"STATE": "PUBLIC",
"TITLE": "GiveWP \u003c 2.21.3 - DoS via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.21.3",
"version_value": "2.21.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target\u0027s CPU."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2260",
"datePublished": "2022-08-01T12:50:58",
"dateReserved": "2022-06-30T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2215 (GCVE-0-2022-2215)
Vulnerability from cvelistv5 – Published: 2022-08-01 12:50 – Updated: 2024-08-03 00:32
Title
GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting
Summary
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example, in a multisite setup).
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.21.3 (recorded as version 2.21.3, lessThan 2.21.3; versionType custom) |
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.21.3",
"status": "affected",
"version": "2.21.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:50:18",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GiveWP \u003c 2.21.3 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2215",
"STATE": "PUBLIC",
"TITLE": "GiveWP \u003c 2.21.3 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.21.3",
"version_value": "2.21.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2215",
"datePublished": "2022-08-01T12:50:18",
"dateReserved": "2022-06-27T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0252 (GCVE-0-2022-0252)
Vulnerability from cvelistv5 – Published: 2022-02-21 10:46 – Updated: 2024-08-02 23:25
Title
Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
Summary
The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to Reflected Cross-Site Scripting.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
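| URL | Tags |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2659032 | x_refsource_CONFIRM |
| https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a | x_refsource_MISC |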
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.17.3 (recorded as version 2.17.3, lessThan 2.17.3; versionType custom) |
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:38.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.17.3",
"status": "affected",
"version": "2.17.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:46:09",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Give \u003c 2.17.3 - Reflected Cross-Site Scripting via Import Tool",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0252",
"STATE": "PUBLIC",
"TITLE": "Give \u003c 2.17.3 - Reflected Cross-Site Scripting via Import Tool"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.17.3",
"version_value": "2.17.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset/2659032",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"name": "https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0252",
"datePublished": "2022-02-21T10:46:09",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:25:38.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25100 (GCVE-0-2021-25100)
Vulnerability from cvelistv5 – Published: 2022-02-21 10:45 – Updated: 2024-08-03 19:56
Title
Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
Summary
The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to Reflected Cross-Site Scripting.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
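| URL | Tags |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2659032 | x_refsource_CONFIRM |
| https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b | x_refsource_MISC |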
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.17.3 (recorded as version 2.17.3, lessThan 2.17.3; versionType custom) |
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:09.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.17.3",
"status": "affected",
"version": "2.17.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:45:54",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Give \u003c 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25100",
"STATE": "PUBLIC",
"TITLE": "Give \u003c 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.17.3",
"version_value": "2.17.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset/2659032",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"name": "https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25100",
"datePublished": "2022-02-21T10:45:54",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:09.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25099 (GCVE-0-2021-25099)
Vulnerability from cvelistv5 – Published: 2022-02-21 10:45 – Updated: 2024-08-03 19:56
Title
Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
Summary
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to Reflected Cross-Site Scripting.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
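| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2659032 | x_refsource_CONFIRM |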
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.17.3 (recorded as version 2.17.3, lessThan 2.17.3; versionType custom) |
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.17.3",
"status": "affected",
"version": "2.17.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:45:53",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Give \u003c 2.17.3 - Unauthenticated Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25099",
"STATE": "PUBLIC",
"TITLE": "Give \u003c 2.17.3 - Unauthenticated Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.17.3",
"version_value": "2.17.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2659032",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25099",
"datePublished": "2022-02-21T10:45:53",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24524 (GCVE-0-2021-24524)
Vulnerability from cvelistv5 – Published: 2021-08-23 11:09 – Updated: 2024-08-03 19:35
Title
GiveWP < 2.12.0 - Authenticated Stored XSS
Summary
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.12.0 (recorded as version 2.12.0, lessThan 2.12.0; versionType custom) |
Credits
Asif Nawaz Minhas
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.12.0",
"status": "affected",
"version": "2.12.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Asif Nawaz Minhas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T11:09:59",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GiveWP \u003c 2.12.0 - Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24524",
"STATE": "PUBLIC",
"TITLE": "GiveWP \u003c 2.12.0 - Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.12.0",
"version_value": "2.12.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Asif Nawaz Minhas"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24524",
"datePublished": "2021-08-23T11:09:59",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2260 (GCVE-0-2022-2260)
Vulnerability from nvd – Published: 2022-08-01 12:50 – Updated: 2024-08-03 00:32
Title
GiveWP < 2.21.3 - DoS via CSRF
Summary
The GiveWP WordPress plugin before 2.21.3 does not have CSRF checks in place when exporting data, and does not validate the export parameters such as dates. This could allow attackers to make a logged-in admin DoS the web server via a CSRF attack, as the plugin will try to retrieve data from the database many times, which can overwhelm the target's CPU.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.21.3 (recorded as version 2.21.3, lessThan 2.21.3; versionType custom) |
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.21.3",
"status": "affected",
"version": "2.21.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target\u0027s CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:50:58",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GiveWP \u003c 2.21.3 - DoS via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2260",
"STATE": "PUBLIC",
"TITLE": "GiveWP \u003c 2.21.3 - DoS via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.21.3",
"version_value": "2.21.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target\u0027s CPU."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/831b3afa-8fa3-4cb7-8374-36d0c368292f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2260",
"datePublished": "2022-08-01T12:50:58",
"dateReserved": "2022-06-30T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2215 (GCVE-0-2022-2215)
Vulnerability from nvd – Published: 2022-08-01 12:50 – Updated: 2024-08-03 00:32
Title
GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting
Summary
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example, in a multisite setup).
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.21.3 (recorded as version 2.21.3, lessThan 2.21.3; versionType custom) |
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.21.3",
"status": "affected",
"version": "2.21.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T12:50:18",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GiveWP \u003c 2.21.3 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2215",
"STATE": "PUBLIC",
"TITLE": "GiveWP \u003c 2.21.3 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.21.3",
"version_value": "2.21.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/daa9b6c1-1ee1-434c-9f88-fd273b7e20bb"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2215",
"datePublished": "2022-08-01T12:50:18",
"dateReserved": "2022-06-27T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0252 (GCVE-0-2022-0252)
Vulnerability from nvd – Published: 2022-02-21 10:46 – Updated: 2024-08-02 23:25
Title
Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
Summary
The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting vulnerability.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
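| URL | Tags |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2659032 | x_refsource_CONFIRM |
| https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a | x_refsource_MISC |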
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.17.3 (shown in the record as 2.17.3 , < 2.17.3, custom) |
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:38.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.17.3",
"status": "affected",
"version": "2.17.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:46:09",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Give \u003c 2.17.3 - Reflected Cross-Site Scripting via Import Tool",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0252",
"STATE": "PUBLIC",
"TITLE": "Give \u003c 2.17.3 - Reflected Cross-Site Scripting via Import Tool"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.17.3",
"version_value": "2.17.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset/2659032",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"name": "https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b0e551af-087b-43e7-bdb7-11d7f639028a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0252",
"datePublished": "2022-02-21T10:46:09",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:25:38.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25100 (GCVE-0-2021-25100)
Vulnerability from nvd – Published: 2022-02-21 10:45 – Updated: 2024-08-03 19:56
Title
Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
Summary
The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting vulnerability.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
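| URL | Tags |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2659032 | x_refsource_CONFIRM |
| https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b | x_refsource_MISC |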
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.17.3 (shown in the record as 2.17.3 , < 2.17.3, custom) |
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:09.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.17.3",
"status": "affected",
"version": "2.17.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:45:54",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Give \u003c 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25100",
"STATE": "PUBLIC",
"TITLE": "Give \u003c 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.17.3",
"version_value": "2.17.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset/2659032",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
},
{
"name": "https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fe2c02bf-207c-43da-98bd-4c85d235de8b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25100",
"datePublished": "2022-02-21T10:45:54",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:09.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25099 (GCVE-0-2021-25099)
Vulnerability from nvd – Published: 2022-02-21 10:45 – Updated: 2024-08-03 19:56
Title
Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
Summary
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting vulnerability.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
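| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2659032 | x_refsource_CONFIRM |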
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.17.3 (shown in the record as 2.17.3 , < 2.17.3, custom) |
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.17.3",
"status": "affected",
"version": "2.17.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:45:53",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Give \u003c 2.17.3 - Unauthenticated Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25099",
"STATE": "PUBLIC",
"TITLE": "Give \u003c 2.17.3 - Unauthenticated Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.17.3",
"version_value": "2.17.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2659032",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2659032"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25099",
"datePublished": "2022-02-21T10:45:53",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24524 (GCVE-0-2021-24524)
Vulnerability from nvd – Published: 2021-08-23 11:09 – Updated: 2024-08-03 19:35
Title
GiveWP < 2.12.0 - Authenticated Stored XSS
Summary
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | GiveWP – Donation Plugin and Fundraising Platform | Affected: versions before 2.12.0 (shown in the record as 2.12.0 , < 2.12.0, custom) |
Credits
Asif Nawaz Minhas
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.12.0",
"status": "affected",
"version": "2.12.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Asif Nawaz Minhas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T11:09:59",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GiveWP \u003c 2.12.0 - Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24524",
"STATE": "PUBLIC",
"TITLE": "GiveWP \u003c 2.12.0 - Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.12.0",
"version_value": "2.12.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Asif Nawaz Minhas"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5a4774ec-c0ee-4c6b-92a6-fa10821ec336"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24524",
"datePublished": "2021-08-23T11:09:59",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}