The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerAssociateFormsWithCampaign function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.
CVE-2025-11228
🟡 Medium
CVE-2025-11228: Unauthorized Data Modification in GiveWP Plugin
The GiveWP – Donation Plugin for WordPress is vulnerable due to a missing capability check in the registerAssociateFormsWithCampaign function, potentially allowing unauthorized data modification.
CVE ID
CVE-2025-11228
CVSS Score
5.3
Vendor
unknown
Published
Oct 04
Vulnerability Details
- CVE ID
- CVE-2025-11228
- Severity
- Medium
- CVSS v3 Score
- 5.3 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 04, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners