Tech News
GiveWP Plugin Vulnerability Risked 100,000+ Websites To RCE
A critical code execution vulnerability has been discovered in the GiveWP WordPress plugin, putting thousands of websites at risk. It is essential for users of this plugin to update to the latest release in order to patch this security issue.
GiveWP Plugin Vulnerability Exposed to Remote Code Execution
Recently, Wordfence revealed a serious code execution vulnerability in the GiveWP plugin. GiveWP is a popular WordPress plugin that offers features for easy donations and fundraising. However, with over 100,000 active installations, the plugin poses a significant security risk to numerous WordPress sites worldwide due to this vulnerability.
The vulnerability, identified as a PHP Object Injection flaw, affected all versions of the GiveWP plugin up to v.3.14.1. It stemmed from the “deserialization of untrusted input from the ‘give_title’ parameter.” Exploiting this flaw allowed unauthorized attackers to inject a malicious PHP object. Furthermore, the presence of the POP chain enabled attackers to carry out various malicious activities, including remote code execution and deletion of files.
Assigned the CVE-2024-5932 identifier, this vulnerability was rated critical with a CVSS score of 10.0. A score of 10.0 signifies the highest level of severity for a vulnerability, indicating a significant threat to affected users if exploited.
Patch Released – Act Now!
The security researcher Villu Orav (villu164) first identified this vulnerability and responsibly disclosed it through Wordfence’s bug bounty program.
In response to the report, the GiveWP team promptly addressed the issue in plugin version 3.14.2, which was released earlier this month. Wordfence rewarded the researcher with a $4998 bug bounty for the discovery.
The latest version of the plugin listed on the official WordPress page is 3.15.1. Users are strongly advised to update their websites to this version to ensure they receive all security patches and enhancements.
We welcome your feedback in the comments section.
10 Powerful Ways to Invest in Yourself and Restart Your Self Growth
10 Tips to Prevent Cavities in Kids: A Parent’s Guide
Israeli soldiers pushed three apparently lifeless bodies from roofs during a West Bank raid
YEAH! YOU WANT “THOSE GAMES,” RIGHT? SO HERE YOU GO! NOW, LET’S SEE YOU CLEAR THEM! 1+2 announced
Do you need an expensive record player?
Sony’s throwback PS5 Pro limited edition takes us back to the 90s
Commuters warned of delays amid Commercial Broadway Station escalator replacement – BC
Lorne Michaels Weighs In On Who Will Play Donald Trump On ‘SNL’ Season 50
UPDATE: It’s actually happening: Palworld developer Pocketpair is being sued by Nintendo and The Pokémon Company
YouTube Now Displays Adverts When Paused
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
The Top 20 Motivational Instagram Accounts to Follow (2024)
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
Our new fixed tours are your ultimate Aussie & Kiwi adventure!
Democrats and allies to flood airwaves, drop more than $125M on abortion push
Family Holiday Checklist | What To Pack Family Holiday
Concord price, beta, preorder details for PS5 and PC confirmed
Turkish Airlines carries 7.2 mn passengers in May, launches new sustainability brand, BA
Tim Scott Makes New Push to Woo Black and Hispanic Republicans
Epic Bus Tours New Zealand
-
Tech News3 months agoBangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation3 months agoThe Top 20 Motivational Instagram Accounts to Follow (2024)
-
Self Development4 months agoDon’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Destination4 months agoOur new fixed tours are your ultimate Aussie & Kiwi adventure!
-
Activities4 months agoFamily Holiday Checklist | What To Pack Family Holiday
-
Breaking News4 months agoDemocrats and allies to flood airwaves, drop more than $125M on abortion push
-
Destination3 months agoTurkish Airlines carries 7.2 mn passengers in May, launches new sustainability brand, BA
-
Gaming3 months agoConcord price, beta, preorder details for PS5 and PC confirmed