GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure
CVE-2022-2117

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: GiveWP – Donation Plugin And Fundraising Platform
Vendor: CVE Published:; 18 July 2022

Summary

The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.

Affected Version(s)

GiveWP – Donation Plugin and Fundraising Platform * <= 2.20.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/2743833/give...

https://www.wordfence.com/vulnerability-advisories/#CVE-2...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2022
Vulnerability Reserved
Jun 17, 2022

Credit

Kane Gamble (Blackfoot UK)