PT-2025-1320 · Givewp · Givewp

Edisc +1 · Published 2025-01-07 · Updated 2025-06-04 · CVE-2025-22777

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The vulnerable software is the GiveWP WordPress plugin, versions from n/a through 3.19.3. The flaw is a Deserialization of Untrusted Data vulnerability, also known as an Unauthenticated PHP Object Injection, which allows attackers to take control of affected websites. It carries a critical rating and affects 100,000 active installations of the plugin. Attackers can exploit it via donation forms to achieve full site takeover (RCE), so it is recommended to patch as soon as possible by updating to version 3.19.4. A public exploit is available, and over 11,000 results are found on ZoomEye, indicating potential exploitation by attackers. The vulnerability is identified as CVE-2025-22777. #GiveWP #WordPressPlugin #PrivilegeEscalation #PHPObjectInjection #CVE202522777 #WordPressVulnerability #GiveWPPatch #WordPressSecurity #Cybersecurity

Tags: Fix · LPE

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2025-01026
CVE-2025-22777

Affected Products

Givewp