Give WP < 2.5.10 - Multiple Issues



Description
- Unauthenticated Plugin's Settings Change.
- Authenticated Plugin's Settings Change.
- Improper validation of untrusted data in Headers used to retrieve the user's IP address.

Affects Plugin

fixed in version 2.5.10

References

URL https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-wordpress-givewp-plugin/

Classification

Type MULTI

Miscellaneous

Original Researcher Jerome Bruandet
Views 3801
Verified No
WPVDB ID 9931

Timeline

Publicly Published 2019-10-30 (about 1 month ago)
Added 2019-10-30 (about 1 month ago)
Last Updated 2019-11-28 (10 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin