CSRF Vulnerability in GiveWP
CVE-2024-47315

8.8HIGH

Key Information:

Vendor: GiveWP
Status: GiveWP
Vendor: CVE Published:; 25 September 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists within the GiveWP Donation Plugin, allowing attackers to perform unauthorized actions on behalf of authenticated users. This issue affects installations of GiveWP from version n/a through 3.15.1. Exploiting this vulnerability may enable attackers to manipulate donations or other functionalities without the user's consent, compromising the integrity and security of the donation system. It is crucial for users of affected versions to apply patches or upgrades to secure their websites against potential exploitation.

References

https://patchstack.com/database/vulnerability/give/wordpr...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2024

Collectors

NVD Database