Name of the Vulnerable Software and Affected Versions:

GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.5.1

Description:

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `donor notes` parameter. Insufficient input sanitization and output escaping allow authenticated attackers with GiveWP worker-level access or higher to inject arbitrary web scripts into pages. These scripts execute when a user accesses the injected page, requiring the attacker to trick an administrator into visiting the legacy version of the site.

Recommendations:

Update GiveWP – Donation Plugin and Fundraising Platform to version 4.5.1 or later.