CVE-2025-0912

9.8 CRITICAL

📋 TL;DR

The Donations Widget WordPress plugin contains a PHP object injection vulnerability that allows unauthenticated attackers to execute arbitrary code on affected websites. All versions up to and including 3.19.4 are affected. Attackers can exploit this through the donation form's 'card_address' parameter to achieve remote code execution.

💻 Affected Systems

Products:
  • WordPress Donations Widget plugin (GiveWP)
Versions: All versions up to and including 3.19.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Any WordPress site with the vulnerable plugin enabled is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise allowing attackers to install backdoors, steal sensitive data, deface websites, or use the server for further attacks.

🟠 Likely Case: Website defacement, data theft, cryptocurrency mining, or ransomware deployment.

🟢 If Mitigated: Attack attempts logged but blocked if proper input validation and security controls are in place.

🌐 Internet-Facing: HIGH - WordPress plugins are typically internet-facing and this vulnerability requires no authentication.
🏢 Internal Only: LOW - The vulnerability requires access to the donation form which is typically public-facing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit with available POP chains for RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.19.4

Vendor Advisory: https://wordpress.org/plugins/give/

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Give - Donation Plugin' and check version
4. If version is 3.19.4 or lower, click 'Update Now'
5. Verify update to version 3.19.5 or higher

🔧 Temporary Workarounds

Disable Donations Widget Plugin (applies to: all)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate give

Block Suspicious Requests (applies to: all)

Add a WAF rule to block requests containing serialized PHP objects in the card_address parameter.

🧯 If You Can't Patch

  • Disable the Donations Widget plugin immediately
  • Implement web application firewall rules to block requests with serialized PHP objects in form parameters

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → Give - Donation Plugin version

Check Version:

wp plugin list --name=give --field=version

Verify Fix Applied:

Verify plugin version is 3.19.5 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • POST requests to donation forms with unusual data in card_address parameter
  • PHP unserialize() errors in logs
  • Unexpected file creation or process execution

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php or donation endpoints with serialized data
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND (uri_path="*donation*" OR uri_path="*give*" OR uri_path="*wp-admin/admin-ajax.php*") AND http_method="POST" AND (request_body="*O:*" OR request_body="*C:*" OR request_body="*s:*")
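As an added example (not part of this advisory), the following Python check applies the same idea as the SIEM query above to form-encoded POST bodies, but anchors on the full PHP serialized-object header `O:<len>:"<Class>":<count>:{` (and the `C:` custom form) rather than the bare `s:` wildcard, which also matches ordinary values such as `https:`. The request records, the documentation-range IPs and the class name are constructed for the demonstration.

```python
import re
from urllib.parse import parse_qs

# Header of a PHP serialized object: O:<len>:"<Class>":<count>:{ ... }
# (C: is the custom-serialization form). Anchoring on the full header avoids
# the noise of a bare "s:" match, which also hits values such as "https:".
PHP_OBJECT_RE = re.compile(r'\b[OC]:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{')

def find_serialized_objects(body: str):
    """Return (param, decoded_value) pairs from a form-encoded POST body
    whose value carries a PHP serialized object header."""
    hits = []
    for param, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            if PHP_OBJECT_RE.search(value):
                hits.append((param, value))
    return hits

def scan_requests(requests):
    """Flag POST requests whose body contains a PHP object in any form field.
    Each record is a dict with src, method, uri and body (raw, URL-encoded)."""
    flagged = []
    for req in requests:
        if req["method"] != "POST":
            continue
        hits = find_serialized_objects(req["body"])
        if hits:
            flagged.append({"src": req["src"], "uri": req["uri"], "hits": hits})
    return flagged

# Constructed sample traffic (documentation IP ranges, placeholder class name):
# an ordinary donation, one with a URL in the address, and one carrying an object.
SAMPLE_REQUESTS = [
    {"src": "203.0.113.10", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "body": "give-form-id=12&card_address=123+Main+St&card_city=Springfield"},
    {"src": "203.0.113.11", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "body": "give-form-id=12&card_address=https%3A%2F%2Fexample.org+Suite+5"},
    {"src": "198.51.100.7", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "body": ("give-form-id=12&card_address=O%3A8%3A%22Demo_Obj%22%3A1%3A%7B"
              "s%3A4%3A%22data%22%3Bs%3A3%3A%22xyz%22%3B%7D&card_city=X")},
]

if __name__ == "__main__":
    for alert in scan_requests(SAMPLE_REQUESTS):
        print(f"ALERT {alert['src']} {alert['uri']}")
        for param, value in alert["hits"]:
            print(f"  {param} = {value}")
```

Only the third record is flagged; the address containing `https:` passes, which the broad `*s:*` clause in the SIEM query would not do.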
