GiveWP – Donation Plugin and Fundraising Platform

Vulnerabilities 89Slug giveLatest version 4.15.0WordPress.org →

Minimum safe version

4.14.6

Update to 4.14.6 or later to address 89 fixable vulnerabilities

Latest available4.15.0
N/A
2026-04-21< 4.14.3

GiveWP – Donation Plugin and Fundraising Platform <= 4.14.2 - Reflected Cross-Site Scripting

WordfenceCVE
Medium 6.5
2026-01-08< 4.13.2

GiveWP <= 4.13.1 - Unauthenticated Arbitrary Shortcode Execution

WordfenceCVE
Medium 5.4
2025-12-23< 4.13.2

GiveWP <= 4.13.1 - Cross-Site Request Forgery

WordfenceCVE
Medium 4.3
2025-08-21< 4.6.1

GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update

EUVDWordfenceCVE
High 7.5
2026-01-07< 4.6.1

FiboSearch <= 1.32.1 - Missing Authorization

WordfenceCVEEUVD
Medium 5.3
2025-08-06< 4.6.1

GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure

EUVDWordfenceCVE
Medium 5.4
2025-07-31< 4.6.0

GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting

EUVDWordfenceCVE
Medium 5.4
2025-06-19< 4.3.1

GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification

EUVDWordfenceCVE
Medium 5.3
2025-03-22< 3.22.2

GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure

EUVDWordfenceCVE
Medium 6.5
2025-03-15< 3.22.1

Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function

EUVDWordfenceCVE
Critical 9.8
2025-03-04< 3.20.0

GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection

EUVDWordfenceCVE
Critical 9.8
2025-01-13< 3.19.4

CVE-2025-22777

CVEWordfence
Critical 9.8
2025-01-11< 3.19.3

CVE-2024-12877

CVEWordfence
Critical 9.8
2024-09-30< 3.16.2

WordPress GiveWP Plugin <= 3.16.1 is vulnerable to PHP Object Injection

PatchstackCVEWordfence
Medium 5.4
2024-05-20< 3.11.0

WordPress GiveWP Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)

PatchstackCVEWordfence
Medium 5.4
2024-04-15< 3.7.0

WordPress GiveWP Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)

PatchstackCVEWordfence
High 8.0
2024-04-26< 3.5.0

GiveWP – Donation Plugin and Fundraising Platform <= 3.4.2 - Authenticated (GiveWP Manager+) PHP Object Injection

WordfenceCVEPatchstack
N/A
2023-08-31< 2.33.1

Give - Donation Plugin <= 2.33.0 - Authenticated(Give Manager+) Privilege Escalation

Wordfence
N/A
< 2.25.3

GiveWP &lt; 2.25.3 - Cross-Site Request Forgery

WPScan
N/A
< 0.8.5

Give - Cross-Site Scripting (XSS)

WPScan
N/A
< 2.21.0

Give &lt; 2.21.0 - Reflected Cross-Site Scripting

WPScan
N/A
2023-03-27< 2.25.3

WordPress GiveWP Plugin <= 2.25.2 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack
N/A
2023-03-23< 2.25.3

GiveWP <= 2.25.2 - Cross-Site Request Forgery via give_ajax_store_payment_note

Wordfence
N/A
2023-03-23< 2.25.3

GiveWP <= 2.25.2 - Cross-Site Request Forgery via give_ajax_delete_payment_note

Wordfence
N/A
2023-03-23< 2.25.3

GiveWP <= 2.25.2 - Cross-Site Request Forgery

Wordfence
N/A
2023-03-08< 2.25.2

GiveWP <= 2.25.1 - Cross-Site Request Forgery via give_cache_flush

Wordfence
N/A
2023-03-08< 2.25.2

GiveWP <= 2.25.1 - Unauthenticated CSV Injection

Wordfence
N/A
2023-03-08< 2.25.2

GiveWP <= 2.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via give_form_grid shortcode

Wordfence
N/A
2023-03-08< 2.25.2

GiveWP <= 2.25.1 - Authenticated (Admin+) Server-Side Request Forgery via give_get_content_by_ajax_handler

Wordfence
N/A
2023-03-08< 2.25.2

GiveWP <= 2.25.1 - Cross-Site Request Forgery via save

Wordfence
N/A
2023-03-08< 2.25.2

GiveWP <= 2.25.1 - Cross-Site Request Forgery to Cross-Site Scripting via render_dropdown

Wordfence
N/A
2023-03-08< 2.25.2

GiveWP <= 2.25.1 - Cross-Site Request Forgery via process_bulk_action

Wordfence
N/A
2023-01-19< 2.24

GiveWP <= 2.23.2 - Unauthenticated SQL Injection

Wordfence
N/A
2015-04-20< 0.8.5

GiveWP – Donation Plugin and Fundraising Platform < 0.8.5 - Reflected Cross-Site Scripting

Wordfence
N/A
2022-06-20< 2.21.0

WordPress GiveWP plugin <= 2.20.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2015-04-20< 0.8.5

WordPress Give Plugin <= 0.8.4 - Cross Site Scripting (XSS)

Patchstack
N/A
2019-08-12< 2.5.1

WordPress Give plugin <= 2.5.0 - SQL Injection (SQLi) vulnerability

Patchstack
N/A
2019-09-26< 2.5.5

WordPress GiveWp plugin <= 2.5.4 - Authentication Bypass

Patchstack
N/A
2021-03-23< 2.10.0

WordPress GiveWP plugin <= 2.9.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack
N/A
2021-04-21< 2.10.2

WordPress GiveWP plugin <= 2.10.1 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Patchstack