PT-2025-12481 · Givewp · Givewp

Brian Sans-Souci

Published

2025-03-22

Updated

2025-08-11

CVE-2025-2331

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GiveWP – Donation Plugin and Fundraising Platform versions up to, and including, 3.22.1

Description The issue allows authenticated attackers with Subscriber-level access and above to extract sensitive data, including reports detailing donors and donation amounts, due to a misconfigured capability check in the permissionsCheck function.

Recommendations For versions up to, and including, 3.22.1, update to a version that contains a fix for this issue to prevent sensitive information exposure. As a temporary workaround, consider restricting access to the permissionsCheck function until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-2331

Affected Products

Givewp

PT-2025-12481 · Givewp · Givewp

CVE-2025-2331

Weakness Enumeration

Related Identifiers

Affected Products

References · 14