Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.19.3.
References
Link | Resource |
---|---|
https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-3-19-3-php-object-injection-vulnerability?_s_id=cve | Third Party Advisory |
https://securityonline.info/cve-2025-22777-cvss-9-8-critical-security-alert-for-givewp-plugin-with-100000-active-installations/ | Permissions Required Third Party Advisory |
Configurations
History
04 Jun 2025, 14:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-3-19-3-php-object-injection-vulnerability?_s_id=cve - Third Party Advisory | |
References | () https://securityonline.info/cve-2025-22777-cvss-9-8-critical-security-alert-for-givewp-plugin-with-100000-active-installations/ - Permissions Required, Third Party Advisory | |
First Time |
Givewp
Givewp givewp |
|
CPE | cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:* | |
Summary |
|
13 Jan 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jan 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-01-13 14:15
Updated : 2025-06-04 14:07
NVD link : CVE-2025-22777
Mitre link : CVE-2025-22777
CVE.ORG link : CVE-2025-22777
JSON object : View
Products Affected
givewp
- givewp
CWE
CWE-502
Deserialization of Untrusted Data