Information Exposure in GiveWP Donation Plugin for WordPress
CVE-2025-11227

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
GiveWP – Donation Plugin And Fundraising Platform
Vendor
CVE Published:
4 October 2025

What is CVE-2025-11227?

The GiveWP Donation Plugin for WordPress contains a vulnerability that allows unauthenticated attackers to access sensitive data from private and draft donation forms, along with archived campaigns. This issue arises due to absent capability checks in several functions like 'registerGetForm', 'registerGetForms', 'registerGetCampaign', and 'registerGetCampaigns'. Without proper restrictions, attackers can potentially exploit this access to extract confidential information, posing a significant risk to site integrity and user privacy.

Affected Version(s)

GiveWP – Donation Plugin and Fundraising Platform * <= 4.10.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/give/tags/4.9....
https://plugins.trac.wordpress.org/browser/give/tags/4.9....

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafshanzani Suhada
JSON
.
CVE-2025-11227 : Information Exposure in GiveWP Donation Plugin for WordPress