CVE-2022-2117 - Vulnerability Details - OpenCVE

ReportizFlow

The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Givewp	Givewp

Configuration 1 [-]

cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/addae413-1fc5-427f-a5ef-3da705cbeb5b?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117

History

Wed, 08 Apr 2026 18:30:00 +0000

Type	Values Removed	Values Added
Title		GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure
Weaknesses		CWE-200

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-07-18T16:16:48.000Z

Updated: 2026-04-08T17:15:13.774Z

Reserved: 2022-06-17T00:00:00.000Z

Link: CVE-2022-2117

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-18T17:15:09.007

Modified: 2026-04-08T19:17:50.817

Link: CVE-2022-2117

Redhat

No data.

{"containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:13.774Z"}, "affected": [{"vendor": "stellarwp", "product": "GiveWP \u2013 Donation Plugin and Fundraising Platform", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.20.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2."}], "title": "GiveWP \u2013 Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/addae413-1fc5-427f-a5ef-3da705cbeb5b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php"}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kane Gamble (Blackfoot UK)"}], "timeline": [{"time": "2022-06-17T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.254Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/addae413-1fc5-427f-a5ef-3da705cbeb5b?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php", "tags": ["x_transferred"]}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2022-2117", "datePublished": "2022-07-18T16:16:48.000Z", "dateReserved": "2022-06-17T00:00:00.000Z", "dateUpdated": "2026-04-08T17:15:13.774Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E1506029-583A-4A35-A169-9B11846FCB17", "versionEndIncluding": "2.20.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2."}, {"lang": "es", "value": "El plugin GiveWP para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n confidencial en versiones hasta 2.20.2 incluy\u00e9ndola, por medio del endpoint /donor-wall REST-API que proporciona a usuarios no autenticados informaci\u00f3n sobre los donantes incluso cuando el muro de donantes no est\u00e1 habilitado. Esta funcionalidad ha sido eliminada completamente en versi\u00f3n 2.20.2"}], "id": "CVE-2022-2117", "lastModified": "2026-04-08T19:17:50.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-07-18T17:15:09.007", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php"}, {"source": "[email protected]", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/addae413-1fc5-427f-a5ef-3da705cbeb5b?source=cve"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/addae413-1fc5-427f-a5ef-3da705cbeb5b?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "[email protected]", "type": "Primary"}]}