WordPress GiveWP Plugin Security Update Advisory (CVE-2024-5932)

Overview

 

An update has been released to address vulnerabilities in the WordPress GiveWP Plugin. Users of the affected versions are advised to update to the latest version.

Affected Products

 

CVE-2024-5932

  • Donation Plugin and Fundraising Platform versions: up to and including 3.14.1

 

 

Resolved Vulnerabilities

 

PHP object injection vulnerability due to deserialization of untrusted input in the ‘give_title’ parameter (CVE-2024-5932)

 

Vulnerability Patches

 

The vulnerability is patched in the product version listed below. Follow the instructions on the sites listed under References to update to the latest patched version.

 

CVE-2024-5932

  • Donation Plugin and Fundraising Platform version: 3.14.2
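
The following triage helper is an added example, not code from ASEC or from the GiveWP project. It flags PHP-serialized content in the 'give_title' field of a form-encoded request body and weighs the finding against the affected range (up to and including 3.14.1). The function names, verdict labels and sample request bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

FIXED_VERSION = (3, 14, 2)   # first fixed release named in the advisory

# PHP serialize() tokens; objects (O:/C:) are matched anywhere, as they can be nested.
OBJECT_TOKEN = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"')
LEADING_TOKEN = re.compile(r'^(?:a:\d+:\{|s:\d+:"|[ibd]:[^;]*;|N;)')

def is_affected(version: str) -> bool:
    """True for releases up to and including 3.14.1."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED_VERSION

def normalise(value: str) -> str:
    """Undo repeated percent-encoding and slash-escaping before matching."""
    for _ in range(3):                      # bounded number of decode rounds
        value = unquote_plus(value)
    return value.replace("\\", "").strip()

def classify_give_title(value: str) -> str:
    v = normalise(value)
    if OBJECT_TOKEN.search(v):
        return "serialized-object"
    if LEADING_TOKEN.match(v):
        return "serialized-data"
    return "plain"

def triage(post_body: str, plugin_version: str) -> str:
    """Verdict for one form-encoded request body (hypothetical labels)."""
    fields = parse_qs(post_body, keep_blank_values=True)
    kinds = {classify_give_title(v) for v in fields.get("give_title", [])}
    if "serialized-object" in kinds:
        return "critical" if is_affected(plugin_version) else "attempt-on-patched"
    if "serialized-data" in kinds:
        return "suspicious"
    return "ok"

# Constructed sample bodies (not captured traffic); stdClass is an inert class.
SAMPLES = [
    "give_title=Dr.&amount=10",
    "give_title=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D&amount=10",
    "give_title=O%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D",
    "give_title=a%3A1%3A%7Bi%3A0%3Bs%3A2%3A%22Mr%22%3B%7D",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(triage(body, "3.14.1"), triage(body, "3.14.2"), body[:40])
```

A "critical" verdict means serialized object data reached 'give_title' on a site still running an affected version, so the update to 3.14.2 should be applied and the site reviewed.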

 

 

References

 

[1] CVE-2024-5932 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-5932

[2] GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 – Unauthenticated PHP Object Injection to Remote Code Execution

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3141-unauthenticated-php-object-injection-to-remote-code-execution

Article Link: WordPress GiveWP Plugin Security Update Advisory (CVE-2024-5932) – ASEC