CVE-2025-2025

Medium CVSS: 6.5

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes it possible for unauthenticated attackers to disclose sensitive information included within earnings reports.

Vendor

Givewp

Product

Givewp

CWE

CWE-862

Yayın Tarihi

2025-03-15 12:15:12

Güncelleme

2025-03-25 19:48:15

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Givewp MEDIUM Givewp 2025

Referanslar

https://plugins.trac.wordpress.org/browser/give/trunk/includes/admin/reports/reports.php#L304 https://plugins.trac.wordpress.org/changeset/3252319/ https://wordpress.org/plugins/give/#description https://www.wordfence.com/threat-intel/vulnerabilities/id/40595943-121d-4492-a0ed-f2de1bd99fda?source=cve

Benzer Kayıtlar

High

CVE-2025-13206

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting…

Medium

CVE-2025-11228

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of…

Medium

CVE-2025-11227

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all…

Medium

CVE-2025-7221

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of…

Medium

CVE-2025-8620

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all…

Medium

CVE-2025-7205

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting…