CVE-2022-2117 Information

Description

The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.

Reference

https://plugins.trac.wordpress.org/changeset/2743833/give/tags/2.21.0/includes/api/class-give-api-v2.php https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2117