Critical WordPress GiveWP Flaw Exposes 100,000+ Sites to RCE & File Deletion

Red | Vulnerability Report

CVE-2024-5932 is a critical vulnerability in the GiveWP plugin for WordPress, allowing unauthenticated attackers to execute arbitrary code and delete files. The vulnerability, with a CVSS score of 10.0, is present in all versions up to 3.14.1 due to improper validation of the give_title parameter. Users are advised to update to version 3.14.2 or later to mitigate the risks of complete site compromise, data loss, and operational disruptions.
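To act on the update advice across many sites, the installed version can be compared against 3.14.2 numerically. The following is an added example, not code from HivePro or the GiveWP project; it assumes the version is read from the standard WordPress plugin header "Version:" field, and the site labels and header texts are constructed.

```python
import re

# First patched GiveWP release according to the advisory above.
FIXED = (3, 14, 2)

# "Version:" field of a standard WordPress plugin header comment.
_HEADER_VERSION = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def parse_version(header_text):
    """Return the plugin version as a tuple of ints, or None if unreadable."""
    field = _HEADER_VERSION.search(header_text)
    if not field:
        return None
    dotted = re.match(r"\d+(?:\.\d+)*", field.group(1))
    if not dotted:
        return None
    # Integer tuples avoid the string-compare trap where "3.9.0" > "3.14.2".
    return tuple(int(part) for part in dotted.group(0).split("."))


def classify(header_text):
    """'vulnerable' below 3.14.2, 'patched' at or above it, else 'unknown'."""
    version = parse_version(header_text)
    if version is None:
        return "unknown"  # needs manual review; never assume it is safe
    return "vulnerable" if version < FIXED else "patched"


def audit(sites):
    """Map each site label to a status, given {label: plugin header text}."""
    return {label: classify(text) for label, text in sites.items()}


# Constructed sample headers (hypothetical sites, not real data).
SAMPLE = {
    "shop.example": "/**\n * Plugin Name: GiveWP\n * Version: 3.14.1\n */",
    "blog.example": "/**\n * Plugin Name: GiveWP\n * Version: 3.14.2\n */",
    "old.example": "/**\n * Plugin Name: GiveWP\n * Version: 3.9.0\n */",
    "odd.example": "/**\n * Plugin Name: GiveWP\n */",
}

if __name__ == "__main__":
    for site, status in audit(SAMPLE).items():
        print(f"{site}: {status}")
```

Sites reported as "unknown" have no readable version field and should be checked by hand rather than treated as patched.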
