CVE Details
Basic Information
| Title | GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure |
|---|---|
| Type | cve |
| Published | 2025-08-06T09:22:32.841Z |
| Modified | 2025-08-06T09:22:32.841Z |
Product Information
| Vendor | givewp |
|---|---|
| Product | GiveWP – Donation Plugin and Fundraising Platform |
| Version | * |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
AI Analysis
| AI Description | A vulnerability in the GiveWP plugin allows unauthenticated attackers to expose donor information, including names and emails, in versions up to 4.6.0. |
|---|---|
| AI Severity | Medium |
| AI Vendor | WordPress Community |
| AI Product | GiveWP – Donation Plugin and Fundraising Platform |
| AI Version | 4.6.0 |
Affected Products
- givewp GiveWP – Donation Plugin and Fundraising Platform *
Additional Information
| CWE List | CWE-200 |
|---|---|
| Source | Wordfence |
Description
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor IDs.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc7c5a6-513e-4aa8-9538-0ac6fb37c867?source=cve
- https://www.linkedin.com/posts/givewp_givewp-support-handpicked-from-the-best-activity-7356319738290974720-Dt4U/?utm_source=share&utm_medium=member_desktop&rcm=ACoAABmBk5UBxPIzCp0cgsD1_1xKASTMphetnI4
- https://github.com/impress-org/givewp/issues/8042
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3336253%40give&new=3336253%40give&sfp_email=&sfph_mail=