The give plugin before 2.4.7 for WordPress has XSS via a donor name.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-22
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
CVSS Score
9.8
EPSS Score
0.03
Published
2019-08-15
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-22
Page 6