Primary

Context

GiveWP Donation Plugin Missing Authorization Vulnerability Allowing Data Manipulation and View

Vulnerability

Patched

A vulnerability exists in the GiveWP Donation Plugin and Fundraising Platform for WordPress, in all versions through 4.3.0. The issue stems from an inadequate capability check in the permissionsCheck functions, which allows authenticated attackers with Contributor-level access or higher to unauthorizedly view, modify, or delete campaign data. This includes accessing donor information and altering event details related to campaigns.

Impact

Exploitation of this vulnerability could lead to unauthorized access and modification of campaign data, including deletion of campaigns and access to donor information.

Remediation

Users can update to GiveWP version 4.3.1 or later to address this vulnerability.

Added: Jun 19, 2025, 7:20 AM

Updated: Jun 19, 2025, 7:20 AM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

5.0

exploitability

6.1

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

5.0

exploitability

6.1

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GiveWP Donation Plugin Missing Authorization Vulnerability Allowing Data Manipulation and View

Vulnerability

Impact

Remediation

Affected Products

GiveWP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating