CVE-2025-4571
GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And ModificationThe GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc.
We have discovered 10,009 live websites that are affected by CVE-2025-4571.
Affected Software
| Product |  GiveWP |
| Category | Wordpress Plugins |
| Vulnerable Domains | 10,009 live websites (31% of GiveWP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 222 versions ( 91% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Jun 19, 2025
- Updated - Jun 20, 2025
Credits
- Brian Sans-Souci (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-4571 United States | 4,310 websites |
 Germany | 797 websites |
 GB | 629 websites |
 Italy | 581 websites |
 France | 503 websites |
 India | 282 websites |
 Canada | 252 websites |
 Spain | 194 websites |
 Australia | 177 websites |
 Cyprus | 159 websites |
Website Distribution by TLD
Number of websites using CVE-2025-4571| .org | 4,023 websites |
| .com | 2,432 websites |
| .it | 373 websites |
| .de | 285 websites |
| .net | 174 websites |
| .fr | 160 websites |
| .org.uk | 156 websites |
| .ca | 137 websites |
| .co.uk | 127 websites |
| .nl | 81 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-4571
Top websites that are affected by CVE-2025-4571. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.info | United States | **,*** | |
| *********.org | GB | **,*** | |
| ********.org | United States | **,*** | |
| ************.org | United States | **,*** | |
| **************.com | Australia | **,*** | |
| **************.***.uk | GB | ***,*** | |
| *****.org | United States | ***,*** | |
| ****************.org | GB | ***,*** | |
| *************.it | Italy | ***,*** | |
| ******.com | United States | ***,*** |
FAQ
CVE-2025-4571 is Missing Authorization in GiveWP
A total of 10,009 websites have been identified as vulnerable to CVE-2025-4571, based on global website indexing conducted by WebTechSurvey.
The GiveWP is affected by the CVE-2025-4571 vulnerability.
GiveWP versions up to and including 4.3 are vulnerable to CVE-2025-4571.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8f03b4ef-e877-430e-a440-3af0feca818c?source=cve
- https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Campaigns/ListTable/Routes/DeleteCampaignListTable.php#L40
- https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/EventTickets/Routes/UpdateEvent.php#L36
- https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Campaigns/ListTable/Routes/GetCampaignsListTable.php#L95
- https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Donors/Endpoints/ListDonors.php#L31
- https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/Donors/Endpoints/Endpoint.php#L57
- https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/API/Endpoints/Logs/GetLogs.php#L40
- https://plugins.trac.wordpress.org/browser/give/tags/4.2.0/src/API/Endpoints/Logs/Endpoint.php#L26
- https://plugins.trac.wordpress.org/changeset/3305112/