CVE-2025-22777

🗓️ 13 Jan 2025 13:10:51Reported by PatchstackType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 72 Views

CVE-2025-22777 WordPress GiveWP Plugin allows PHP Object Injection vulnerability in versions up to 3.19.3.

Reporter	Title	Published	Views	Family All 14
GithubExploit	Exploit for Deserialization of Untrusted Data in Givewp	29 Dec 202517:58	–	githubexploit
BDU FSTEC	The vulnerability of the GiveWP plugin of the WordPress content management system allows a hacker to execute arbitrary code.	3 Feb 202500:00	–	bdu_fstec
Circl	CVE-2025-22777	12 Jan 202502:00	–	circl
CNNVD	WordPress plugin GiveWP 安全漏洞	13 Jan 202500:00	–	cnnvd
Cvelist	CVE-2025-22777 WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability	13 Jan 202513:10	–	cvelist
EUVD	EUVD-2025-2987	3 Oct 202520:07	–	euvd
NVD	CVE-2025-22777	13 Jan 202514:15	–	nvd
OSV	CVE-2025-22777	13 Jan 202514:15	–	osv
Patchstack	WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability	10 Jan 202508:25	–	patchstack
Positive Technologies	PT-2025-1320 · Givewp · Givewp	7 Jan 202500:00	–	ptsecurity

NVD

Vulners

Node

givewp givewpRange<3.19.4wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "give",
    "product": "GiveWP",
    "vendor": "StellarWP",
    "versions": [
      {
        "changes": [
          {
            "at": "3.19.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.19.3",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/give/vulnerability/wordpress-givewp-plugin-3-19-3-php-object-injection-vulnerability
securityonline	www.securityonline.info/cve-2025-22777-cvss-9-8-critical-security-alert-for-givewp-plugin-with-100000-active-installations/

28 Apr 2026 16:11Current

7.2High risk

Vulners AI Score7.2

CVSS 3.19.8

EPSS0.00752

SSVC

CWE-502