Stored Cross-Site Scripting Vulnerability in GiveWP Donation Plugin
CVE-2026-13704
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 2 July 2026
What is CVE-2026-13704?
The GiveWP Donation Plugin for WordPress is exposed to a stored cross-site scripting vulnerability through the 'sequoia[introduction][image]' parameter. This flaw arises from inadequate input sanitization and output escaping, allowing authenticated users with Give Worker-level access or higher to inject malicious web scripts. These scripts execute when users access the compromised pages, potentially leading to unauthorized access or data manipulation.
Affected Version(s)
GiveWP β Donation Plugin and Fundraising Platform 0 <= 4.16.1