The GiveWP – Donation Plugin and Fundraising Platform...
Moderate severity
Unreviewed
Published
Aug 20, 2024
to the GitHub Advisory Database
•
Updated Aug 20, 2024
Description
Published by the National Vulnerability Database
Aug 20, 2024
Published to the GitHub Advisory Database
Aug 20, 2024
Last updated
Aug 20, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to read the setup wizard administrative pages.
References