GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

August 21, 2024 at 12:51AM
A critical security flaw (CVE-2024-5932) in the WordPress GiveWP plugin allows remote code execution, affecting over 100,000 websites. Researchers also disclosed vulnerabilities in other WordPress plugins (e.g., InPost PL, JS Help Desk). Patching against these flaws is crucial to prevent attacks. Website owners are advised against using nulled plugins and themes …

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

August 20, 2024 at 11:06AM
A critical vulnerability in the GiveWP WordPress plugin (CVE-2024-5932, CVSS score 10/10) exposed over 100,000 websites, allowing unauthenticated attackers to execute arbitrary remote code or delete files. Exploiting a bug in serialization, attackers could potentially take over affected sites. The flaw has been addressed in version 3.14.2, and users are urged …