Overview
An update has been released to address vulnerabilities in the WordPress GiveWP Plugin. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-5932
- Donation Plugin and Fundraising Platform versions: up to and including 3.14.1
Resolved Vulnerabilities
PHP object injection vulnerability due to deserialization of untrusted input in the ‘give_title’ parameter (CVE-2024-5932)
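The following detection check is an added example, not code from the advisory or from the GiveWP project. It flags PHP-serialized values arriving in the 'give_title' parameter, assuming request bodies are available as URL-encoded form data (for example from a WAF or reverse-proxy log); the function names, the decode bound and the sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# PHP serialize() object markers: O:<len>:"Class":<count>:{ and C:<len>:"Class":<len>:{
SERIALIZED_OBJECT = re.compile(r'[OC]:\+?\d+:"[^"]+":\d+:\{')
# Serialized array or string at the start of the value; a title should never look like this.
SERIALIZED_OTHER = re.compile(r'^(?:a:\d+:\{|s:\d+:")')

MAX_DECODE_ROUNDS = 3  # assumption: how many layers of URL-encoding to unwrap


def normalise(value):
    """Undo repeated URL-encoding so an encoded value cannot hide the markers."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()


def inspect_body(body):
    """Return (parameter, verdict) pairs for every give_title field in a form body."""
    findings = []
    for key, raw in parse_qsl(body, keep_blank_values=True):
        if key != "give_title":
            continue
        value = normalise(raw)
        if SERIALIZED_OBJECT.search(value):
            findings.append((key, "serialized-object"))
        elif SERIALIZED_OTHER.search(value):
            findings.append((key, "serialized-data"))
    return findings


# Constructed sample bodies (not taken from real traffic).
SAMPLES = {
    "benign": "give_title=Mr.&amount=25",
    "object": "give_title=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D&amount=25",
    "double_encoded": "give_title=O%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D",
    "array": "give_title=a%3A1%3A%7Bi%3A0%3Bs%3A2%3A%22Dr%22%3B%7D",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_body(body))
```

A hit on a site still running 3.14.1 or earlier is a reason to review that request and the host; updating to 3.14.2 remains the fix.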
Vulnerability Patches
The vulnerability is patched in the product version listed below. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-5932
- Donation Plugin and Fundraising Platform version: 3.14.2
References
[1] CVE-2024-5932 Detail
https://nvd.nist.gov/vuln/detail/cve-2024-5932
[2] GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 – Unauthenticated PHP Object Injection to Remote Code Execution
Article Link: WordPress GiveWP Plugin Security Update Advisory (CVE-2024-5932) – ASEC