CVE-2025-4571

Name of the Vulnerable Software and Affected Versions GiveWP – Donation Plugin and Fundraising Platform versions up to, and including, 4.3.0

Description The issue allows authenticated attackers with Contributor-level access and above to view or delete fundraising campaigns, view donors' data, and modify campaign events due to an insufficient capability check on the permissionsCheck functions.

Recommendations For versions up to, and including, 4.3.0, update to a version higher than 4.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the permissionsCheck functions to prevent unauthorized data modification.