Insufficient Capability Check in GiveWP Donation Plugin for Unauthorized Access
CVE-2025-4571

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: GiveWP – Donation Plugin And Fundraising Platform
Vendor: CVE Published:; 19 June 2025

What is CVE-2025-4571?

The GiveWP Donation Plugin and Fundraising Platform for WordPress contains a vulnerability that allows authenticated attackers, with Contributor-level access and higher, to perform unauthorized actions. This includes viewing and modifying fundraising campaigns and donor data due to an insufficient capability check in the permissionsCheck functions. Attackers could exploit this flaw to delete campaigns and access sensitive donor information, compromising the integrity of fundraising activities.

Affected Version(s)

GiveWP – Donation Plugin and Fundraising Platform * <= 4.3.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/give/tags/4.2....

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2025
Vulnerability Reserved
May 12, 2025

Credit

Brian Sans-Souci