CVE-2025-47444
BaseFortify
Publication date: 2025-08-12
Last updated on: 2026-04-23
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liquid_web | givewp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the GiveWP plugin to version 4.6.1 or later, as this version contains the fix for the sensitive data exposure issue. Since no virtual patch is available, patching is the only effective mitigation. Users should also enable auto-updates for the plugin if possible, monitor their sites for signs of compromise, and seek professional incident response if a breach is suspected. [1]
Can you explain this vulnerability to me?
CVE-2025-47444 is a vulnerability in the WordPress GiveWP plugin versions before 4.6.1 that allows unauthenticated attackers to access personally identifiable information (PII) and other sensitive data that should not be accessible to regular users. This is due to an insertion of sensitive information into sent data, leading to exposure of embedded sensitive data without requiring any privileges or user interaction. [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive and personally identifiable information, which can facilitate further exploitation of other system weaknesses. Because it requires no privileges to exploit, it poses a high risk of mass exploitation, potentially compromising user privacy and security on affected websites using the vulnerable GiveWP plugin. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The exposure of personally identifiable information (PII) due to this vulnerability can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding sensitive data. Unauthorized access to such data may result in legal and regulatory consequences for affected organizations if the vulnerability is exploited and data is compromised. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows unauthenticated attackers to access sensitive data via the GiveWP plugin prior to version 4.6.1. Detection involves monitoring for unauthorized access attempts to endpoints related to the GiveWP plugin that may expose sensitive information. Specific commands are not provided in the resources, but general detection could include reviewing web server logs for unusual GET or POST requests targeting GiveWP plugin URLs, or using web application firewall (WAF) rules to detect suspicious access patterns. Additionally, monitoring for unexpected data exfiltration or scanning the plugin version installed can help identify vulnerable systems. [1]