CVE-2025-8620
GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data ExposureThe GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id.
We have discovered 10,823 live websites that are affected by CVE-2025-8620.
Affected Software
| Product |  GiveWP |
| Category | Wordpress Plugins |
| Vulnerable Domains | 10,823 live websites (34% of GiveWP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 227 versions ( 93% of all versions) |
Common Weakness Enumeration
CWE-200 Exposure of Sensitive Information to an Unauthorized ActorDetails
- Published - Aug 6, 2025
- Updated - Aug 6, 2025
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-8620 United States | 4,661 websites |
 Germany | 845 websites |
 GB | 684 websites |
 Italy | 619 websites |
 France | 540 websites |
 India | 294 websites |
 Canada | 276 websites |
 Spain | 215 websites |
 Australia | 194 websites |
 Cyprus | 178 websites |
Website Distribution by TLD
Number of websites using CVE-2025-8620| .org | 4,364 websites |
| .com | 2,618 websites |
| .it | 401 websites |
| .de | 301 websites |
| .net | 193 websites |
| .org.uk | 179 websites |
| .fr | 166 websites |
| .ca | 152 websites |
| .co.uk | 134 websites |
| .nl | 89 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-8620
Top websites that are affected by CVE-2025-8620. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.info | United States | **,*** | |
| *********.org | GB | **,*** | |
| ********.org | United States | **,*** | |
| ************.org | United States | **,*** | |
| **************.com | Australia | **,*** | |
| ******.info | Italy | **,*** | |
| **************.***.uk | GB | ***,*** | |
| *****.org | United States | ***,*** | |
| **********.org | United States | ***,*** | |
| ****************.org | GB | ***,*** |
FAQ
CVE-2025-8620 is Exposure of Sensitive Information to an Unauthorized Actor in GiveWP
A total of 10,823 websites have been identified as vulnerable to CVE-2025-8620, based on global website indexing conducted by WebTechSurvey.
The GiveWP is affected by the CVE-2025-8620 vulnerability.
GiveWP versions up to and including 4.6 are vulnerable to CVE-2025-8620.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc7c5a6-513e-4aa8-9538-0ac6fb37c867?source=cve
- https://www.linkedin.com/posts/givewp_givewp-support-handpicked-from-the-best-activity-7356319738290974720-Dt4U/?utm_source=share&utm_medium=member_desktop&rcm=ACoAABmBk5UBxPIzCp0cgsD1_1xKASTMphetnI4
- https://github.com/impress-org/givewp/issues/8042
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3336253%40give&new=3336253%40give&sfp_email=&sfph_mail=