CVE-2025-7205

Medium CVSS: 5.4

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with GiveWP worker-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Additionally, they need to trick an administrator into visiting the legacy version of the site.

Vendor

Givewp

Product

Givewp

CWE

CWE-79

Yayın Tarihi

2025-07-31 08:15:25

Güncelleme

2025-08-13 19:30:16

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Givewp MEDIUM Givewp 2025

Referanslar

https://plugins.trac.wordpress.org/browser/give/trunk/src/API/REST/V3/Routes/Donors/DonorNotesController.php#51 https://plugins.trac.wordpress.org/changeset/3333090/give https://www.wordfence.com/threat-intel/vulnerabilities/id/39e501d8-88a0-4625-aeb0-aa33fc89a8d4?source=cve

Benzer Kayıtlar

High

CVE-2025-13206

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting…

Medium

CVE-2025-11228

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of…

Medium

CVE-2025-11227

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all…

Medium

CVE-2025-7221

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of…

Medium

CVE-2025-8620

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all…

Medium

CVE-2025-4571

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modifi…