CVE-2026-42678

Name of the Vulnerable Software and Affected Versions GiveWP versions prior to 4.14.6

Description Improper neutralization of input during web page generation in Liquid Web / StellarWP GiveWP allows for DOM-Based Cross-site Scripting (XSS), a flaw where the application contains client-side JavaScript that processes data from an untrusted source in an unsafe way, typically by writing the data to a dangerous sink.

Recommendations Update to a version newer than 4.14.5.