GiveWP – Donation Plugin and Fundraising Platform

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   GiveWP – Donation Plugin and Fundraising Platform

Information

Software Type Plugin
Software Slug give (view on wordpress.org)
Software Status Active
Software Author stellarwp
Software Website givewp.com
Software Downloads 11,510,244
Software Active Installs 100,000
Software Record Last Updated June 18, 2026

Showing 1-20 of 73 Vulnerabilities

Submit a Vulnerability
GiveWP – Donation Plugin and Fundraising Platform <= 4.14.5 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2026-42678
May 16, 2026
Researcher: thevietronin
GiveWP – Donation Plugin and Fundraising Platform <= 4.14.2 - Reflected Cross-Site Scripting
6.1
CVE-2026-34900
Apr 21, 2026
Researcher: HuajiHD
GiveWP <= 4.14.5 - Missing Authorization
5.3
CVE-2026-42642
Mar 2, 2026
Researcher: Bao - BlueRock
GiveWP <= 4.13.1 - Unauthenticated Arbitrary Shortcode Execution
6.5
CVE-2025-66533
Jan 8, 2026
Researcher: Kishan Vyas
GiveWP <= 4.13.1 - Cross-Site Request Forgery
4.3
CVE-2025-67467
Dec 23, 2025
Researcher: Drew Webber (mcdruid)
GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name'
7.2
CVE-2025-13206
Nov 18, 2025
Researcher: shark3y
GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure
6.5
CVE-2025-11227
Oct 3, 2025
Researcher: Rafshanzani Suhada
GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association
5.3
CVE-2025-11228
Oct 3, 2025
Researcher: Rafshanzani Suhada
GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update
4.3
CVE-2025-7221
Aug 20, 2025
Researcher: Brian Sans-Souci (liardom)
GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure
5.3
CVE-2025-8620
Aug 5, 2025
Researchers:
GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting
5.4
CVE-2025-7205
Jul 30, 2025
Researcher: Brian Sans-Souci (liardom)
GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification
5.4
CVE-2025-4571
Jun 18, 2025
Researcher: Brian Sans-Souci (liardom)
GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure
5.3
CVE-2025-2331
Mar 21, 2025
Researcher: Brian Sans-Souci (liardom)
Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function
6.5
CVE-2025-2025
Mar 14, 2025
Researcher: mikemyers
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection
9.8
CVE-2025-0912
Mar 3, 2025
Researcher: dream hard
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection
9.8
CVE-2024-12877
Jan 10, 2025
Researcher: PetrusViet
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.3 - Unauthenticated PHP Object Injection
9.8
CVE-2025-22777
Jan 10, 2025
Researcher: Edisc
GiveWP – Donation Plugin and Fundraising Platform <= 3.18.0 - Reflected Cross-Site Scripting
6.1
CVE-2024-11921
Dec 6, 2024
Researcher: Hassan Khan Yusufzai - Splint3r7
GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution
9.8
CVE-2024-9634
Oct 15, 2024
Researcher: lefab
GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection
9.8
CVE-2024-8353
Sep 27, 2024
Researcher: cuokon
Title Status CVE ID CVSS Researchers Date
GiveWP – Donation Plugin and Fundraising Platform <= 4.14.5 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2026-42678 7.2 thevietronin May 16, 2026
GiveWP – Donation Plugin and Fundraising Platform <= 4.14.2 - Reflected Cross-Site Scripting Patched CVE-2026-34900 6.1 HuajiHD April 21, 2026
GiveWP <= 4.14.5 - Missing Authorization Patched CVE-2026-42642 5.3 Bao - BlueRock March 2, 2026
GiveWP <= 4.13.1 - Unauthenticated Arbitrary Shortcode Execution Patched CVE-2025-66533 6.5 Kishan Vyas January 8, 2026
GiveWP <= 4.13.1 - Cross-Site Request Forgery Patched CVE-2025-67467 4.3 Drew Webber (mcdruid) December 23, 2025
GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' Patched CVE-2025-13206 7.2 shark3y November 18, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure Patched CVE-2025-11227 6.5 Rafshanzani Suhada October 3, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association Patched CVE-2025-11228 5.3 Rafshanzani Suhada October 3, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update Patched CVE-2025-7221 4.3 Brian Sans-Souci (liardom) August 20, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure Patched CVE-2025-8620 5.3 August 5, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting Patched CVE-2025-7205 5.4 Brian Sans-Souci (liardom) July 30, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification Patched CVE-2025-4571 5.4 Brian Sans-Souci (liardom) June 18, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure Patched CVE-2025-2331 5.3 Brian Sans-Souci (liardom) March 21, 2025
Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function Patched CVE-2025-2025 6.5 mikemyers March 14, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection Patched CVE-2025-0912 9.8 dream hard March 3, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection Patched CVE-2024-12877 9.8 PetrusViet January 10, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.3 - Unauthenticated PHP Object Injection Patched CVE-2025-22777 9.8 Edisc January 10, 2025
GiveWP – Donation Plugin and Fundraising Platform <= 3.18.0 - Reflected Cross-Site Scripting Patched CVE-2024-11921 6.1 Hassan Khan Yusufzai - Splint3r7 December 6, 2024
GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution Patched CVE-2024-9634 9.8 lefab October 15, 2024
GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection Patched CVE-2024-8353 9.8 cuokon September 27, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation