VYPR
Unrated severityNVD Advisory· Published Oct 4, 2025· Updated Apr 8, 2026

GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association

CVE-2025-11228

Description

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerAssociateFormsWithCampaign function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Givewp/Givewpllm-fuzzy
    Range: <=4.10.0
  • stellarwp/GiveWP – Donation Plugin and Fundraising Platformv5
    Range: 0
  • WordPress/Givewpwp-canonicalize

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.