CVE-2025-11228

Medium CVSS: 5.3

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.

Vendor

Givewp

Product

Givewp

CWE

CWE-862

Yayın Tarihi

2025-10-04 03:15:37

Güncelleme

2025-11-26 17:04:30

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Givewp MEDIUM Givewp 2025

Referanslar

https://plugins.trac.wordpress.org/browser/give/tags/4.9.0/src/DonationForms/Routes/DonationFormsEntityRoute.php#L131 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3371948%40give&new=3371948%40give&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf9a043-5eb6-46fd-88c2-0f5a04f73fc9?source=cve

Benzer Kayıtlar

High

CVE-2025-13206

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting…

Medium

CVE-2025-11227

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all…

Medium

CVE-2025-7221

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of…

Medium

CVE-2025-8620

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all…

Medium

CVE-2025-7205

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting…

Medium

CVE-2025-4571

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modifi…