GiveWP Donation Plugin Missing Capability Check Vulnerability in Earnings Report Function

Vulnerability

A vulnerability exists in the GiveWP Donation Plugin for WordPress, specifically in versions through 3.22.0. The issue arises from a missing capability check in the give_reports_earnings() function, allowing unauthenticated users to access and disclose sensitive data from earnings reports. This unauthorized access could lead to the exposure of confidential information related to donations and fundraising activities.

Impact

Exploitation of this vulnerability allows for unauthorized disclosure of sensitive earnings report data, which could include private donor information and financial details.

Remediation

Users can update to GiveWP version 3.22.1 or later, where this vulnerability has been patched.
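To confirm whether an install still runs an affected release, the version comparison can be scripted. The following is an added example, not code from GiveWP or from this advisory: it reads the Version line from the text of the plugin's main PHP file and compares it numerically against 3.22.1. The sample header is constructed, and locating the main plugin file is left to the caller.

```python
import re

FIXED_VERSION = "3.22.1"  # first patched release, per the advisory

# WordPress plugins declare their version in a comment header of the main
# plugin file, on a line such as " * Version: 3.22.0".
_VERSION_LINE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

# Constructed sample header (not copied from the real plugin file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Give - Donation Plugin
 * Version: 3.22.0
 */
"""


def header_version(main_file_text):
    """Return the Version header value, or None if no such line exists."""
    match = _VERSION_LINE.search(main_file_text[:8192])  # headers sit at the top
    return match.group(1) if match else None


def version_key(version):
    """Turn '3.22' or '3.22.1-beta' into a comparable 4-part integer tuple."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
        if digits.end() != len(piece):  # stop at a suffix such as '-beta'
            break
    return tuple(parts + [0] * (4 - len(parts)))[:4]


def assess(main_file_text):
    """Classify an install as 'vulnerable', 'patched' or 'unknown'."""
    version = header_version(main_file_text)
    if version is None or not version[0].isdigit():
        return "unknown", version
    # Numeric comparison matters: as strings, '3.9.8' sorts after '3.22.1'.
    fixed = version_key(FIXED_VERSION)
    return ("vulnerable" if version_key(version) < fixed else "patched"), version


if __name__ == "__main__":
    print(assess(SAMPLE_HEADER))
```

A result of "unknown" means the header could not be read and the install needs a manual check.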

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 2.5
exploitability: 9.0
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.