CVE-2025-2025
📋 TL;DR
The GiveWP WordPress plugin has an authorization vulnerability that allows unauthenticated attackers to access sensitive earnings report data. This affects all WordPress sites using GiveWP version 3.22.0 or earlier. Attackers can retrieve donation and financial information without any authentication.
💻 Affected Systems
- GiveWP - Donation Plugin and Fundraising Platform for WordPress
📦 What is this software?
GiveWP by GiveWP
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all donation records, donor information, and financial data stored in earnings reports, potentially including personally identifiable information (PII) and payment details.
Likely Case
Unauthorized access to donation amounts, donor names, email addresses, and transaction dates from earnings reports, compromising donor privacy and organizational financial data.
If Mitigated
No data exposure if proper access controls are implemented or the vulnerability is patched before exploitation.
🎯 Exploit Status
The vulnerability requires no authentication and minimal technical skill to exploit via direct API calls to the vulnerable function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.22.1 or later
Vendor Advisory: https://wordpress.org/plugins/give/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find GiveWP plugin and check for updates
4. Update to version 3.22.1 or later
5. Verify the update completed successfully
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the GiveWP plugin until patched
wp plugin deactivate give
Restrict Access via .htaccess
Block access to the vulnerable endpoint using web server rules. Because the admin-ajax.php action is normally passed as a query-string parameter, the rule must test %{QUERY_STRING} (mod_rewrite's %{REQUEST_URI} does not include the query string). mod_rewrite cannot inspect a POST body, so requests that carry the action in the form body still need a WAF rule.
# Add to .htaccess in WordPress root directory
<IfModule mod_rewrite.c>
RewriteEngine On
# Deny when the vulnerable action appears in the query string or in the path
RewriteCond %{QUERY_STRING} give_reports_earnings [NC,OR]
RewriteCond %{REQUEST_URI} give_reports_earnings [NC]
RewriteRule .* - [F,L]
</IfModule>
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block requests to the give_reports_earnings endpoint
- Monitor server logs for unauthorized access attempts to earnings report functionality
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for GiveWP version. If version is 3.22.0 or earlier, you are vulnerable.
Check Version:
wp plugin list --name=give --field=version
Verify Fix Applied:
After updating, verify GiveWP version shows 3.22.1 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-admin/admin-ajax.php with action=give_reports_earnings from unauthenticated users
- Unusual access patterns to earnings report functionality
Network Indicators:
- Unusual spikes in requests to WordPress admin-ajax.php endpoint
- Requests containing give_reports_earnings parameter from external IPs
SIEM Query:
source="web_server_logs" AND uri="/wp-admin/admin-ajax.php" AND query="*action=give_reports_earnings*" AND NOT user_agent="WordPress/*"
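The log indicators above, applied to access-log lines as an added detection example (not part of the advisory or the GiveWP project): it parses Combined Log Format entries, flags any request to admin-ajax.php whose action query parameter is give_reports_earnings, and counts hits per source IP. The log lines are constructed for the example; a POST that carries the action in its body does not show up in a standard access log, so those need inspection at the WAF or application layer.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache/nginx Combined Log Format:
# ip - - [time] "METHOD target HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

VULN_ACTION = "give_reports_earnings"  # action name from the advisory

def parse_line(line):
    """Parse one log line into a dict, or return None if it is not Combined Log Format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    url = urlsplit(entry["target"])
    entry["path"] = url.path
    entry["query"] = parse_qs(url.query)  # {"action": ["give_reports_earnings"], ...}
    return entry

def is_earnings_request(entry):
    """True when the request targets admin-ajax.php with the vulnerable action."""
    return (entry["path"].endswith("/wp-admin/admin-ajax.php")
            and VULN_ACTION in entry["query"].get("action", []))

def find_suspicious(lines):
    """Return (matching entries, Counter of hits per source IP)."""
    hits = [e for e in map(parse_line, lines) if e and is_earnings_request(e)]
    return hits, Counter(h["ip"] for h in hits)

# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic)
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Mar/2025:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=give_reports_earnings&range=this_year HTTP/1.1" 200 5120 "-" "python-requests/2.31"',
    '203.0.113.10 - - [10/Mar/2025:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=give_reports_earnings&range=last_year HTTP/1.1" 200 4870 "-" "python-requests/2.31"',
    '198.51.100.7 - - [10/Mar/2025:12:01:15 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 120 "https://example.org/wp-admin/" "Mozilla/5.0"',
    '192.0.2.5 - - [10/Mar/2025:12:02:40 +0000] "GET /donate/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, by_ip = find_suspicious(SAMPLE_LOG)
    for ip, n in by_ip.most_common():
        print(f"{ip}: {n} request(s) for action={VULN_ACTION}")
```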
🔗 References
- https://plugins.trac.wordpress.org/browser/give/trunk/includes/admin/reports/reports.php#L304
- https://plugins.trac.wordpress.org/changeset/3252319/
- https://wordpress.org/plugins/give/#description
- https://www.wordfence.com/threat-intel/vulnerabilities/id/40595943-121d-4492-a0ed-f2de1bd99fda?source=cve