cve/2024/CVE-2024-5932.md

### [CVE-2024-5932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5932)
![](https://img.shields.io/static/v1?label=Product&message=GiveWP%20%E2%80%93%20Donation%20Plugin%20and%20Fundraising%20Platform&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.14.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)

### Description

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.

### POC

#### Reference
- https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/

#### Github
- https://github.com/0xb0mb3r/CVE-2024-8353-PoC
- https://github.com/12442RF/POC
- https://github.com/20142995/nuclei-templates
- https://github.com/DMW11525708/wiki
- https://github.com/EQSTLab/CVE-2024-5932
- https://github.com/EQSTLab/CVE-2024-8353
- https://github.com/Lern0n/Lernon-POC
- https://github.com/Linxloop/fork_POC
- https://github.com/Ostorlab/KEV
- https://github.com/OxLmahdi/cve-2024-5932
- https://github.com/WhosGa/MyWiki
- https://github.com/admin772/POC
- https://github.com/adysec/POC
- https://github.com/cisp-pte/POC-20241008-sec-fork
- https://github.com/eeeeeeeeee-code/POC
- https://github.com/greenberglinken/2023hvv_1
- https://github.com/hlc23/CVE-2024-5932-web-ui
- https://github.com/iemotion/POC
- https://github.com/laoa1573/wy876
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oLy0/Vulnerability
- https://github.com/plbplbp/loudong001
- https://github.com/tk-1001/PHPexploit_pack
-												Update CVE sources 2024-08-22 18:33

											
										
										
											2024-08-22 18:33:16 +00:00
+								### [CVE-2024-5932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5932)
 								![](https://img.shields.io/static/v1?label=Product&message=GiveWP%20%E2%80%93%20Donation%20Plugin%20and%20Fundraising%20Platform&color=blue)
 								![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.14.1%20&color=brighgreen)
 								![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
 								### Description
 								The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.
 								### POC
 								#### Reference
 								- https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/
 								#### Github
-												Update CVE sources 2025-09-29 16:08

											
										
										
											2025-09-29 16:08:36 +00:00
+								- https://github.com/0xb0mb3r/CVE-2024-8353-PoC
 								- https://github.com/12442RF/POC
-												Update CVE sources 2024-08-22 18:33

											
										
										
											2024-08-22 18:33:16 +00:00
+								- https://github.com/20142995/nuclei-templates
-												Update CVE sources 2025-09-29 16:08

											
										
										
											2025-09-29 16:08:36 +00:00
+								- https://github.com/DMW11525708/wiki
 								- https://github.com/EQSTLab/CVE-2024-5932
 								- https://github.com/EQSTLab/CVE-2024-8353
 								- https://github.com/Lern0n/Lernon-POC
 								- https://github.com/Linxloop/fork_POC
-												Update CVE sources 2024-08-23 18:19

											
										
										
											2024-08-23 18:19:28 +00:00
+								- https://github.com/Ostorlab/KEV
-												Update CVE sources 2025-09-29 16:08

											
										
										
											2025-09-29 16:08:36 +00:00
+								- https://github.com/OxLmahdi/cve-2024-5932
 								- https://github.com/WhosGa/MyWiki
 								- https://github.com/admin772/POC
 								- https://github.com/adysec/POC
 								- https://github.com/cisp-pte/POC-20241008-sec-fork
 								- https://github.com/eeeeeeeeee-code/POC
 								- https://github.com/greenberglinken/2023hvv_1
 								- https://github.com/hlc23/CVE-2024-5932-web-ui
 								- https://github.com/iemotion/POC
 								- https://github.com/laoa1573/wy876
-												Update CVE sources 2024-08-22 18:33

											
										
										
											2024-08-22 18:33:16 +00:00
+								- https://github.com/nomi-sec/PoC-in-GitHub
-												Update CVE sources 2025-09-29 16:08

											
										
										
											2025-09-29 16:08:36 +00:00
+								- https://github.com/oLy0/Vulnerability
 								- https://github.com/plbplbp/loudong001
 								- https://github.com/tk-1001/PHPexploit_pack
-												Update CVE sources 2024-08-22 18:33

											
										
										
											2024-08-22 18:33:16 +00:00