Home > Vulnerability Database > CVE-2022-2117

Mend.io Vulnerability Database

CVE-2022-2117

Good to know:

Date: July 18, 2022

The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.

Language: PHP

Severity Score

5.3

Related Resources (5)

Url: https://www.wordfence.com/threat-intel/vulnerabilities/id/addae413-1fc5-427f-a5ef-3da705cbeb5b?source=cve

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2117

Url: https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117

Url: https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php

Url: https://www.mend.io/vulnerability-database/CVE-2022-2117

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version wordimpress/give - 2.5.8;wordimpress/give - issue/2056;wordimpress/give - 2.2.4

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-2117

Good to know:

Date: July 18, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?