CVE-2025-7221
GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation UpdateThe GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with GiveWP Worker-level access and above, to update donations statuses. This ability is not present in the user interface.
We have discovered 10,733 live websites that are affected by CVE-2025-7221.
Affected Software
| Product |  GiveWP |
| Category | Wordpress Plugins |
| Vulnerable Domains | 10,733 live websites (33% of GiveWP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 226 versions ( 93% of all versions) |
Common Weakness Enumeration
CWE-285 Improper AuthorizationDetails
- Published - Aug 21, 2025
- Updated - Aug 21, 2025
Credits
- Brian Sans-Souci (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-7221 United States | 4,620 websites |
 Germany | 841 websites |
 GB | 673 websites |
 Italy | 616 websites |
 France | 535 websites |
 India | 293 websites |
 Canada | 275 websites |
 Spain | 214 websites |
 Australia | 191 websites |
 Cyprus | 176 websites |
Website Distribution by TLD
Number of websites using CVE-2025-7221| .org | 4,330 websites |
| .com | 2,591 websites |
| .it | 399 websites |
| .de | 298 websites |
| .net | 191 websites |
| .org.uk | 175 websites |
| .fr | 166 websites |
| .ca | 151 websites |
| .co.uk | 131 websites |
| .nl | 89 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-7221
Top websites that are affected by CVE-2025-7221. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.info | United States | **,*** | |
| *********.org | GB | **,*** | |
| ********.org | United States | **,*** | |
| ************.org | United States | **,*** | |
| **************.com | Australia | **,*** | |
| ******.info | Italy | **,*** | |
| **************.***.uk | GB | ***,*** | |
| *****.org | United States | ***,*** | |
| **********.org | United States | ***,*** | |
| ****************.org | GB | ***,*** |
FAQ
CVE-2025-7221 is Improper Authorization in GiveWP
A total of 10,733 websites have been identified as vulnerable to CVE-2025-7221, based on global website indexing conducted by WebTechSurvey.
The GiveWP is affected by the CVE-2025-7221 vulnerability.
GiveWP versions up to and including 4.5 are vulnerable to CVE-2025-7221.