CVE-2025-8620
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-06
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this issue. CVE-2025-47444 is a duplicate of this issue.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| givewp | givewp | to 4.6.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the GiveWP – Donation Plugin and Fundraising Platform for WordPress allows unauthenticated attackers to access and extract sensitive donor information such as names, emails, and donor IDs in all versions up to and including 4.6.0.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of personal donor information, potentially compromising donor privacy and trust. It may result in exposure of sensitive data without any authentication required.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70