WordPress GiveWP Plugin Security Update Advisory (CVE-2024-8353)

Oct 04 2024

Overview

An update has been released to address vulnerabilities in WordPress GiveWP Plugin. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-8353

GiveWP versions: ~ 3.16.1 (inclusive)

Resolved Vulnerabilities

PHP object injection vulnerability via deserialization of untrusted input via multiple parameters such as ‘give_title’ and ‘card_address’ (CVE-2024-8353)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-8353

GiveWP version: 3.16.2

Referenced Sites

[1] CVE-2024-8353 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-8353

[2] GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 – Unauthenticated PHP Object Injection

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection

WordPress GiveWP Plugin Security Update Advisory (CVE-2024-8353)

Mozilla Products October 2024 1st Security Update Advisory

Cisco Family October 2024 First Round Security Update Advisory

Tags:

Mozilla Products October 2024 1st Security Update Advisory

Cisco Family October 2024 First Round Security Update Advisory