A severe security flaw has been discovered in GiveWP, a popular WordPress donation plugin with over 100,000 active installations.
The vulnerability, classified as an unauthenticated PHP Object Injection leading to Remote Code Execution (RCE), was responsibly reported through the Wordfence Bug Bounty Program on May 26th, 2024.
https://cybersecuritynews.com/wordpress ... erability/