A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
CVE-2019-13578
Score 9.8 from GitHub Security Advisory (severity: CRITICAL) published 2022-05-24. NVD baseline CVSS 9.8; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 9.8
- EG Score
- 9.8(medium)
- EPSS
- 85.2%
- KEV
- Not listed
Published
August 15, 2019
Last Modified
November 21, 2024
Advisory Details (3)
Auto-updated Jun 6, 2026commit d91f4c6dcc92 (impress-org/give)
Patch available: impress-org/give 4.3.0 (contains commit d91f4c6dcc92)
https://github.com/impress-org/give/commit/d91f4c6dcc92aeb826b060cb2feadd56885f4ceacommit 97b9b5fae2d1 (impress-org/give)
Patch available: impress-org/give 4.3.0 (contains commit 97b9b5fae2d1)
https://github.com/impress-org/give/commit/97b9b5fae2d10742ee42fe00092729fa7da3cb32commit 894937d7927e (impress-org/give)
Patch available: impress-org/give 4.3.0 (contains commit 894937d7927e)
https://github.com/impress-org/give/commit/894937d7927eab0c98457656cbd6fb414b3a6fbfWeakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Frequently asked(5)
What is CVE-2019-13578?
When was CVE-2019-13578 disclosed?
Is CVE-2019-13578 actively exploited?
What is the CVSS score of CVE-2019-13578?
How do I remediate CVE-2019-13578?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2019-13578
Is Your Infrastructure Affected by CVE-2019-13578?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.