Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2023-0224

The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks

Published: Jan 16, 2024
Updated: Jan 23, 2024
CVE: CVE-2023-0224
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
givewp / givewp	-	2.24.1

https://givewp.com/core-2-24-0-vulnerability-patched/
https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo