WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.6.0 - Unauthenticated Donor Data Exposure vulnerability

WordPress GiveWP - Donation plugin and Fundraising Platform plugin = 4.6.0 - Unauthenticated Donor Data Exposure vulnerability discovered by WordFence in WordPress Plugin GiveWP versions = 4.6.0...

EUVD-2019-10913

Malware in sbrugna...

EUVD-2025-23814

Malicious code in bioql PyPI...

CVE-2025-8620

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...

CVE-2025-8620

The vulnerability concerns the WordPress plugin GiveWP – Donation Plugin and Fundraising Platform. Affected versions are prior to 4.6.1 (and up to 4.6.0 per NVD/Red Hat entries). The issue is an Information Exposure that allows unauthenticated attackers to extract donor data (names, emails, donor...

CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...

CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...

PT-2025-32146 · WordPress · Givewp – Donation Plugin/Fundraising Platform

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.6.1 Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to information exposure. This allows unauthenticated attackers to...

CVE-2025-4523

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admindonorprofileview function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with...

CVE-2025-2331

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it possible for authenticated attackers, with...

PT-2025-12481 · Givewp · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to, and including, 3.22.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to extract sensitive data, including reports detailing donors...

CVE-2019-20360

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information PII including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the...

CVE-2021-4377

The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmmexportdonations function which is called via the adminpostdmmexport hook due to missing capability checks. This can allow authenticated attackers to extract a CS...

PT-2023-12488 · WordPress · Doneren Met Mollie

Name of the Vulnerable Software and Affected Versions: Doneren met Mollie plugin for WordPress versions up to and including 2.8.5 Description: The issue concerns Sensitive Data Exposure due to missing capability checks in the dmm export donations function, which is called via the admin post dmm...

WordPress plugin GiveWP 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

PT-2022-14899 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP plugin for WordPress versions up to, and including, 2.20.2 Description: The issue allows unauthenticated users to access donor information through the "/donor-wall" REST-API endpoint, even when the donor wall is not enabled. This...

CVE-2019-20360

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information PII including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the...

PT-2020-10396 · WordPress · Give Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Give versions prior to 2.5.5 Description: A flaw in the Give WordPress plugin allowed unauthenticated users to bypass API authentication methods, accessing personally identifiable user information PII, including names, addresses, IP addresses...