Cross-Site Request Forgery Vulnerability in GiveWP Plugin for WordPress
CVE-2023-4248
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 11 January 2024
What is CVE-2023-4248?
The GiveWP plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the give_stripe_disconnect_connect_stripe_account function. This flaw allows unauthorized attackers to modify the plugin’s Stripe integration settings. By tricking a site administrator into clicking a malicious link, an attacker can send forged requests that disable essential payment functionalities.
Affected Version(s)
GiveWP – Donation Plugin and Fundraising Platform * <= 2.33.3