Nixpkgs security tracker

Untriaged

Permalink CVE-2025-66533

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 4 months ago

WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortocde Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1.

References

Affected products

give

=<<= 4.13.1

Matching in nixpkgs

pkgs.filegive

Easy p2p file sending program

nixos-unstable 2022-05-29
- nixpkgs-unstable 2022-05-29
- nixos-unstable-small 2022-05-29
nixos-25.11 2022-05-29
- nixpkgs-25.11-darwin 2022-05-29

Untriaged

Permalink CVE-2025-67467

4.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE

created 4 months ago

WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1.

References

Affected products

give

=<<= 4.13.1

Matching in nixpkgs

pkgs.filegive

Easy p2p file sending program

nixos-unstable 2022-05-29
- nixpkgs-unstable 2022-05-29
- nixos-unstable-small 2022-05-29
nixos-25.11 2022-05-29
- nixpkgs-25.11-darwin 2022-05-29

Published

Permalink CVE-2025-47444

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 6 months, 4 weeks ago by @Erethon Activity log

Created automatic suggestion 8 months ago
@Erethon accepted 6 months, 4 weeks ago
@Erethon published on GitHub 6 months, 4 weeks ago

WordPress GiveWP Plugin < 4.6.1 is vulnerable to Sensitive Data (PII) Exposure

Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data.This issue affects GiveWP: from n/a before 4.6.1.

References

https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-g… vdb-entry
https://github.com/impress-org/givewp/issues/8042 technical-descriptionissue-tracking
https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-g… vdb-entry
https://github.com/impress-org/givewp/issues/8042?_s_id=cve technical-descriptionissue-tracking

Affected products

give

<4.6.1

Matching in nixpkgs

pkgs.filegive

Easy p2p file sending program

nixos-unstable 2022-05-29
- nixpkgs-unstable 2022-05-29
- nixos-unstable-small 2022-05-29

Untriaged

Permalink CVE-2023-23668

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 1 year, 3 months ago

WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.

References

https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25… vdb-entry
https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25… vdb-entryx_transferred
https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25… vdb-entry
https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25… vdb-entryx_transferred
https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25… vdb-entry
https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25… vdb-entryx_transferred

Affected products

give

=<2.25.1

Matching in nixpkgs

pkgs.filegive

Easy p2p file sending program

nixos-unstable 2022-05-29
- nixpkgs-unstable 2022-05-29
- nixos-unstable-small 2022-05-29

Untriaged

Permalink CVE-2023-47183

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 year, 3 months ago

WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1.

References

Affected products

give

=<2.33.1

Matching in nixpkgs

pkgs.filegive

Easy p2p file sending program

nixos-unstable 2022-05-29
- nixpkgs-unstable 2022-05-29
- nixos-unstable-small 2022-05-29

Untriaged

Permalink CVE-2023-23672

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): LOW

created 1 year, 3 months ago

WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1.

References

Affected products

give

=<2.25.1

Matching in nixpkgs

pkgs.filegive

Easy p2p file sending program

nixos-unstable 2022-05-29
- nixpkgs-unstable 2022-05-29
- nixos-unstable-small 2022-05-29

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.filegive

References

Affected products

Matching in nixpkgs

pkgs.filegive

References

Affected products

Matching in nixpkgs

pkgs.filegive

References

Affected products

Matching in nixpkgs

pkgs.filegive

References

Affected products

Matching in nixpkgs

pkgs.filegive

References

Affected products

Matching in nixpkgs

pkgs.filegive