⚠️ Vulnerability Found in GiveWP WordPress Plugin Puts Over 100,000 Websites at Risk

💻 Vulnerability discovered in WordPress’ GiveWP fundraising plugin that exposes over 100,000 websites to remote code execution attacks.
This vulnerability, tracked as CVE-2024-5932 (https://nvd.nist.gov/vuln/detail/cve-2024-5932) (CVSS score: 10.0), affects all versions of the GiveWP plugin prior to version 3.14.2.
🧑‍💻 This information is related to Wordfence InPost PL and InPost for WooCommerce WordPress plugins (CVE-2024-6500 (https://nvd.nist.gov/vuln/detail/cve-2024-6500), CVSS score: 10.0 ) detailing another critical vulnerability (https://www.wordfence.com/blog/2024/08/10000-wordpress-sites-affected-by-arbitrary-file-read-and-delete-vulnerability-in- inpost-pl-and-inpost-for-woocommerce-wordpress-plugins/) appeared a few days later.
Another critical vulnerability was discovered in WordPress’ JS Help Desk plugin with over 5000 active installations (CVE-2024-7094 (https://nvd.nist.gov/vuln/detail/CVE-2024-7094), CVSS score : 9.8) allows remote code execution due to a PHP code injection flaw. A security update for the vulnerability was released in version 2.8.7.
⚠️ Other security flaws addressed in various WordPress plugins are listed below:

CVE-2024-6220 (https://www.wordfence.com/blog/2024/07/over-8000-exploit-attempts-already-blocked-for-recently-patched-unauthenticated-arbitrary-file-upload-vulnerability- in-keydatas-wordpress-plugin/) advanced vulnerability;

CVE-2024-6467 (https://www.wordfence.com/blog/2024/07/10000-wordpress-sites-affected-by-high-severity-vulnerabilities-in-bookingpress-wordpress-plugin/) ;

CVE-2024-5441 (https://www.wordfence.com/blog/2024/07/3094-bounty-awarded-and-150000-wordpress-sites-protected-against-arbitrary-file-upload-vulnerability-patched- in-modern-events-calendar-wordpress-plugin/) advanced vulnerability;

CVE-2024-6411 (https://www.wordfence.com/blog/2024/07/7000-wordpress-sites-affected-by-privilege-escalation-vulnerability-in-profilegrid-wordpress-plugin/) high level vulnerability :
✅ UZCERT recommends that WordPress customers implement security updates released by WordPress and regularly monitor the WordPress security tips page.
✉️ Join the official telegram page of UZCERT service! (https://t.me/uzcert_live)

Skip to content