The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 91.9%.
Deserialization
PHP
RCE
WordPress
Givewp
NVD
CVSS 3.1
9.8
EPSS
91.9%
Threat
6.2