GiveWP Donation Plugin and Fundraising Platform Missing Authorization Vulnerability in Forms-Campaign Association

Vulnerability

A vulnerability exists in the GiveWP Donation Plugin and Fundraising Platform for WordPress, in all versions through 4.10.0. The issue arises from a missing capability check in the 'registerAssociateFormsWithCampaign' function, which allows unauthenticated attackers to associate any donation form with any campaign. This unauthorized modification of data could lead to misuse of the donation forms and campaigns on the affected WordPress site.

Impact

Exploitation of this vulnerability allows for unauthorized association of donation forms with campaigns, potentially leading to misuse of fundraising efforts or misrepresentation of donation activities.

Remediation

Users can update to GiveWP version 4.10.1 or later, where this vulnerability has been patched.
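
To confirm whether an installation is in the affected range, the following added example (not part of the advisory or of GiveWP's code) reads the standard WordPress "Version:" plugin header and compares it numerically against 4.10.1. The path to the plugin's main PHP file is supplied by the operator, and the embedded sample header is constructed.

```python
import re
import sys

FIXED = (4, 10, 1)  # first patched release, per the advisory

# WordPress reads plugin metadata from a comment header near the top of the
# main plugin file; this pattern mirrors that "Version:" line format.
_HEADER = re.compile(rb"^[ \t/*#@]*Version:[ \t]*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)


def header_version(php_source: bytes):
    """Return the Version header value as text, or None if it is absent."""
    m = _HEADER.search(php_source[:8192])  # the header sits in the first 8 KiB
    return m.group(1).decode("ascii") if m else None


def version_tuple(version: str):
    """'4.10.0' -> (4, 10, 0). A plain string compare would rank 4.9.0 above 4.10.1."""
    parts = []
    for piece in version.split(".")[:3]:
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version: str) -> bool:
    """True for any release through 4.10.0."""
    return version_tuple(version) < FIXED


def audit(php_source: bytes) -> str:
    version = header_version(php_source)
    if version is None:
        return "unknown: no Version header found"
    state = "AFFECTED, update to 4.10.1 or later" if is_affected(version) else "patched"
    return f"{version}: {state}"


# Constructed sample header (not copied from the plugin).
SAMPLE = b"<?php\n/**\n * Plugin Name: Example Donation Plugin\n * Version: 4.9.0\n */\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # argument: path to the plugin's main PHP file
        with open(sys.argv[1], "rb") as fh:
            print(audit(fh.read()))
    else:
        print(audit(SAMPLE))
```

An "unknown" result means the file had no readable header and the installed version should be checked another way, for example on the WordPress Plugins screen.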

Added: Oct 4, 2025, 3:22 AM
Updated: Oct 4, 2025, 3:22 AM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 0.7
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.