Stored Cross-Site Scripting Vulnerability in GiveWP Donation Plugin for WordPress
CVE-2026-13246
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 1 July 2026
What is CVE-2026-13246?
The GiveWP Donation Plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping on user-supplied data in the 'givewp_campaign_comments' shortcode. Authenticated attackers, possessing author-level access or higher, can exploit this vulnerability to inject malicious scripts into pages. These scripts can execute whenever a user accesses the impacted page, potentially compromising user security and functionality.
Affected Version(s)
GiveWP β Donation Plugin and Fundraising Platform 0 <= 4.16.0