cleantalk
Vulnerabilities and Security Researches

GiveWP – Donation Plugin and Fundraising Platform, CVE-2025-7221

CVE, Research URL

CVE-2025-7221

Home page URL

Security reports for GiveWP – Donation Plugin and Fundraising Platform

Application

GiveWP – Donation Plugin and Fundraising Platform

Published on
Aug 21, 2025
Research Description
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with GiveWP Worker-level access and above, to update donations statuses. This ability is not present in the user interface.
Affected versions
Min -, max 4.6.1.
Status
vulnerable
Previous vulnerability researches
AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available) (CVE-2025-58201) , Aug 28, 2025
New vulnerability
Tiktok Feed – Best TikTok feed plugin for WordPress (CVE-2025-54710) , Aug 29, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-7221) , Aug 29, 2025
Add Code To Head (CVE-2025-48314) , Aug 29, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025