The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to 4.10.0 due to a missing capability check in several functions. This vulnerability allows unauthenticated attackers to extract data from private and draft donation forms, as well as archived campaigns.
CVE-2025-11227
🟡 Medium
CVE-2025-11227: Information Exposure in GiveWP Plugin
The GiveWP plugin for WordPress is vulnerable to Information Exposure, allowing unauthenticated attackers to access private donation forms and campaigns.
CVE ID
CVE-2025-11227
CVSS Score
6.5
Vendor
unknown
Published
Oct 04
Vulnerability Details
- CVE ID
- CVE-2025-11227
- Severity
- Medium
- CVSS v3 Score
- 6.5 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 04, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners