Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

August 20, 2024 at 11:06AM A critical vulnerability in the GiveWP WordPress plugin (CVE-2024-5932, CVSS score 10/10) exposed over 100,000 websites, allowing unauthenticated attackers to execute arbitrary remote code or delete files. Exploiting a bug in serialization, attackers could potentially take over affected sites, which has been addressed in version 3.14.2 and users are urged … Read more