Description

WordPress Plugin GiveWP-Donation and Fundraising Platform is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin GiveWP-Donation and Fundraising Platform version 2.20.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.21.0 or latest

References

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117

https://plugins.svn.wordpress.org/give/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Profile Builder-User Profile & User Registration Forms Cross-Site Request Forgery (3.6.4)

WordPress Plugin Imsanity Unspecified Vulnerability (2.3.3)

WordPress Plugin Contact Form DB-Elementor Cross-Site Request Forgery (1.5)

WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)

WordPress Plugin WP Private Message Insecure Direct Object Reference (1.0.5)

Severity

High

Classification

CVE-2022-2117 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Information Disclosure