cleantalk
Vulnerabilities and Security Researches

GiveWP – Donation Plugin and Fundraising Platform, CVE-2021-25099

CVE, Research URL

CVE-2021-25099

Home page URL

Security reports for GiveWP – Donation Plugin and Fundraising Platform

Application

GiveWP – Donation Plugin and Fundraising Platform

Published on
Feb 21, 2022
Research Description
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting
Affected versions
Min -, max 2.17.3.
Status
vulnerable
Previous vulnerability researches
Giveaway Boost (CVE-2024-49332) , Oct 20, 2024
Giveaways and Contests by PromoSimple (CVE-2025-23934) , Jan 18, 2025
WPExperts Square For GiveWP (CVE-2024-13713) , Feb 22, 2025
WPExperts Square For GiveWP (CVE-2024-47338) , Sep 30, 2024
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more (CVE-2024-11898) , Dec 06, 2024
New vulnerability
WP Last Modified (CVE-2025-28907) , Mar 13, 2025
Lunar – Sell photos online (CVE-2025-28936) , Mar 13, 2025
Skrill Official (CVE-2025-28876) , Mar 13, 2025
WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins (CVE-2025-2250) , Mar 13, 2025
All-in-One WP Migration (CVE-2024-10942) , Mar 13, 2025