- Description
- The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id.
- Source
- security@wordfence.com
- NVD status
- Analyzed
- Products
- givewp
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-200
- Hype score
- Not currently trending
CVE-2025-8620 Information Exposure Vulnerability in GiveWP WordPress Donation Plugin Be... https://t.co/flaBV6zUSi Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
6 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8620 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes… https://t.co/93Fg1KZZ84
@CVEnew
6 Aug 2025
359 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "DAFC5FC8-243E-4095-9AF8-97E5555861D5",
"versionEndExcluding": "4.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]