← back
CVE-2023-0224

GiveWP < 2.24.1 - Unauthenticated SQLi

CVSS 9.8 CRITICALEPSS 3.7%
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Unknown · GiveWP
public PoCs found1
cve_referencewpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://givewp.com/core-2-24-0-vulnerability-patched/https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/