Stellarwp Givewp – Donation Plugin And Fundraising Platform
27 CVEs affecting Stellarwp Givewp – Donation Plugin And Fundraising Platform. Latest disclosed: 2025-11-19. Critical: 5, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-5932 | Critical | 10.0 | 2024-08-20 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 v… |
CVE-2025-0912 | Critical | 9.8 | 2025-03-04 | The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted i… |
CVE-2024-12877 | Critical | 9.8 | 2025-01-11 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 v… |
CVE-2024-9634 | Critical | 9.8 | 2024-10-16 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 v… |
CVE-2024-8353 | Critical | 9.8 | 2024-09-28 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 v… |
CVE-2025-13206 | High | 7.2 | 2025-11-19 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all version… |
CVE-2024-9130 | High | 7.2 | 2024-09-27 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions… |
CVE-2025-11227 | Medium | 6.5 | 2025-10-04 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 v… |
CVE-2025-2025 | Medium | 6.5 | 2025-03-15 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on th… |
CVE-2024-5940 | Medium | 6.5 | 2024-08-20 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check… |
CVE-2024-3714 | Medium | 6.4 | 2024-05-18 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode… |
CVE-2024-1957 | Medium | 6.4 | 2024-04-13 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode… |
CVE-2024-1424 | Medium | 6.4 | 2024-04-09 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all ve… |
CVE-2025-7205 | Medium | 5.4 | 2025-07-31 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all ve… |
CVE-2025-4571 | Medium | 5.4 | 2025-06-19 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient c… |
CVE-2024-5941 | Medium | 5.4 | 2024-08-20 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capabilit… |
CVE-2024-5977 | Medium | 5.4 | 2024-07-19 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and includi… |
CVE-2023-4247 | Medium | 5.4 | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce… |
CVE-2023-4248 | Medium | 5.4 | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce… |
CVE-2025-11228 | Medium | 5.3 | 2025-10-04 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check… |