CVE-2025-4571
CVE-2025-4571 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Givewp | Givewp | < 4.3.1 |
Timeline
- Status: Analyzed
Source: NVD / NIST
