CVE-2024-5940

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 3.13.1

Description: The issue allows unauthorized modification of data due to a missing capability check on the handle request function. This makes it possible for unauthenticated attackers to edit event ticket settings if the Events beta feature is enabled.

Recommendations: For versions prior to 3.13.1, update to version 3.13.1 or later to resolve the issue. As a temporary workaround, consider disabling the handle request function or the Events beta feature until a patch is available. Restrict access to event ticket settings to minimize the risk of exploitation.