vulnerability

WordPress Plugin: give: CVE-2025-11227: Improper Authorization

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Oct 3, 2025	Oct 6, 2025	Oct 6, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Oct 3, 2025

Added

Oct 6, 2025

Modified

Oct 6, 2025

Description

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 via the 'registerGetForm', 'registerGetForms', 'registerGetCampaign' and 'registerGetCampaigns' functions due to a missing capability check. This makes it possible for unauthenticated attackers to extract data from private and draft donation forms, as well as archived campaigns.

Solution

give-plugin-cve-2025-11227

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-11227
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/54db1807-69ff-445c-9e02-9abce9fd3940?source=api-prod
CVE-2025-11227
https://attackerkb.com/topics/CVE-2025-11227
CWE-285

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today