CVE-2025-67467
WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerabilityCross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1.
We have discovered 15,690 live websites that are affected by CVE-2025-67467.
Affected Software
| Product |  GiveWP |
| Category | Wordpress Plugins |
| Vulnerable Domains | 15,690 live websites (49% of GiveWP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 239 versions ( 98% of all versions) |
Details
- Published - Dec 9, 2025
- Updated - Feb 10, 2026
Credits
- mcdruid | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-67467 United States | 7,342 websites |
 Germany | 1,101 websites |
 GB | 972 websites |
 Italy | 792 websites |
 France | 688 websites |
 Canada | 413 websites |
 India | 399 websites |
 Australia | 296 websites |
 Spain | 291 websites |
 Cyprus | 262 websites |
Website Distribution by TLD
Number of websites using CVE-2025-67467| .org | 6,564 websites |
| .com | 3,816 websites |
| .it | 526 websites |
| .de | 390 websites |
| .org.uk | 278 websites |
| .net | 276 websites |
| .ca | 228 websites |
| .fr | 210 websites |
| .co.uk | 188 websites |
| .nl | 140 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-67467
Top websites that are affected by CVE-2025-67467. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.info | United States | **,*** | |
| ***********.org | United States | **,*** | |
| ****.org | United States | **,*** | |
| *********.org | GB | **,*** | |
| ********.org | United States | **,*** | |
| ************.org | United States | **,*** | |
| **************.com | Australia | **,*** | |
| ******.info | Italy | **,*** | |
| ****************.com | United States | ***,*** | |
| **************.***.uk | GB | ***,*** |