CVE-2024-5977
GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post ActionsThe GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with GiveWP Worker-level access and above, to delete and update arbitrary posts.
We have discovered 11,415 live websites that are affected by CVE-2024-5977.
Affected Software
| Product |  GiveWP |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11,415 live websites (31.31% of GiveWP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 209 versions ( 88.19% of all versions) |
Common Weakness Enumeration
CWE-639 Authorization Bypass Through User-Controlled KeyDetails
- Published - Jul 19, 2024
- Updated - Aug 1, 2024
Credits
- Thanh Nam Tran (finder)
CWE
CVE References
CWE References
CVE-2024-5977 usage by Country
 United States | 5,282 websites |
 Germany | 1,238 websites |
 France | 683 websites |
 GB | 591 websites |
 Cyprus | 333 websites |
 Italy | 310 websites |
 Canada | 242 websites |
 Australia | 198 websites |
 Spain | 181 websites |
 South Africa | 152 websites |
CVE-2024-5977 usage by TLD
| .org | 4,506 websites |
| .com | 2,878 websites |
| .de | 313 websites |
| .it | 252 websites |
| .net | 196 websites |
| .fr | 195 websites |
| .ca | 189 websites |
| .org.uk | 188 websites |
| .co.uk | 161 websites |
| .nl | 103 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-5977
Top websites that are affected by CVE-2024-5977. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.sk | United States | **,*** | |
| ********.org | United States | **,*** | |
| *********.org | United States | **,*** | |
| ************.org | United States | **,*** | |
| ****************.org | Germany | **,*** | |
| *******.org | United States | **,*** | |
| **************.com | Australia | **,*** | |
| ****.org | United States | **,*** | |
| **********.net | United States | ***,*** | |
| ***.***.uk | United States | ***,*** |
FAQ
CVE-2024-5977 is Authorization Bypass Through User-Controlled Key in GiveWP
A total of 11,415 websites have been identified as vulnerable to CVE-2024-5977, discovered through global website indexing conducted by WebTechSurvey.
GiveWP is susceptible to CVE-2024-5977 vulnerability.
GiveWP versions before, and including, 3.13 are vulnerable to CVE-2024-5977.