The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to read the setup wizard administrative pages.
References
Configurations
History
26 Aug 2024, 18:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/src/Onboarding/Wizard/Page.php#L78 - Patch | |
References | () https://plugins.trac.wordpress.org/changeset/3120745/ - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/a104f88b-deae-465d-b4c1-9a1fc78e5ee9?source=cve - Third Party Advisory | |
First Time |
Givewp givewp
Givewp |
|
CPE | cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:* |
20 Aug 2024, 15:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
20 Aug 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-20 02:15
Updated : 2024-08-26 18:12
NVD link : CVE-2024-5939
Mitre link : CVE-2024-5939
CVE.ORG link : CVE-2024-5939
JSON object : View
Products Affected
givewp
- givewp
CWE
CWE-862
Missing Authorization