Vulnerability CVE-2022-2117
Published: 2022-07-18

Description:
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.

Type:

CWE-200

 (Information Exposure)

 References:
https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117
Copyright 2026, cxsecurity.com

 

Back to Top