Givewp

This hub aggregates every CVE we track for Givewp, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Pluginson-premweb app

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM46HIGH10CRITICAL10

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Givewp.

CVE-2026-34900WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability7.1Jun 15, 2026
CVE-2026-42678WordPress GiveWP plugin <= 4.14.5 - Cross Site Scripting (XSS) vulnerability7.1Jun 1, 2026
CVE-2026-42642WordPress GiveWP plugin <= 4.14.5 - Broken Access Control vulnerability5.3Apr 29, 2026
CVE-2025-66533WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortocde Execution vulnerability5.3Dec 9, 2025
CVE-2025-67467WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability5.4Dec 9, 2025
CVE-2025-13206GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name'7.2Nov 19, 2025
CVE-2025-11228GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association5.3Oct 4, 2025
CVE-2025-11227GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure6.5Oct 4, 2025
CVE-2025-7221GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update4.3Aug 21, 2025
CVE-2025-8620GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure5.3Aug 6, 2025
CVE-2025-7205GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting5.4Jul 31, 2025
CVE-2025-4571GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification5.4Jun 19, 2025
CVE-2025-2331GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure5.3Mar 22, 2025
CVE-2025-2025Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function6.5Mar 15, 2025
CVE-2025-0912GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection9.8Mar 4, 2025

Product normalization is registry-driven with AI assist and human review. How it works