Give <= 2.5.0 - SQL Injection



Description
"A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php or includes/donors/class-give-donors-query.php."

Affects Plugin

Fixed in version 2.5.1

References

CVE 2019-13578
URL https://fortiguard.com/zeroday/FG-VD-19-098
URL https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Tin Duong of Fortinet's FortiGuard Labs
Views 3310
Verified No
WPVDB ID 9504

Timeline

Publicly Published 2019-08-12 (3 months ago)
Added 2019-08-12 (3 months ago)
Last Updated 2019-08-29 (3 months ago)
