CVE-2022-2260

Name of the Vulnerable Software and Affected Versions GiveWP WordPress plugin versions prior to 2.21.3

Description The issue allows attackers to perform a Denial of Service (DoS) attack on the web server via a Cross-Site Request Forgery (CSRF) attack. This happens because the plugin lacks CSRF protection when exporting data and does not validate parameters such as dates. As a result, the plugin may attempt to retrieve data from the database multiple times, overwhelming the target's CPU.

Recommendations For versions prior to 2.21.3, update to version 2.21.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the export functionality to minimize the risk of exploitation.