CVE-2025-11228

| EUVD-2025-32422 MEDIUM
2025-10-04 [email protected]
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 13, 2026 - 19:56 euvd
EUVD-2025-32422
Analysis Generated
Mar 13, 2026 - 19:56 vuln.today
Patch Released
Nov 26, 2025 - 17:04 nvd
Patch available
CVE Published
Oct 04, 2025 - 03:15 nvd
MEDIUM 5.3

Tags

Authentication Bypass WordPress Givewp PHP

Description

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.

Analysis

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerAssociateFormsWithCampaign function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.

Technical Context

This vulnerability is classified as Missing Authorization (CWE-862).

Affected Products

Affected products: Givewp Givewp

Remediation

A vendor patch is available. Apply it as soon as possible and verify the fix.

Priority Score

27
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +26
POC: 0

Share

CVE-2025-11228 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy