Givewp – donation plugin and fundraising platform

This hub aggregates every CVE we track for Givewp – donation plugin and fundraising platform, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Pluginson-premweb app

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM25CRITICAL5HIGH3

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Givewp – donation plugin and fundraising platform.

CVE-2025-13206GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name'7.2Nov 19, 2025
CVE-2025-11228GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association5.3Oct 4, 2025
CVE-2025-11227GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure6.5Oct 4, 2025
CVE-2025-7221GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update4.3Aug 21, 2025
CVE-2025-8620GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure5.3Aug 6, 2025
CVE-2025-7205GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting5.4Jul 31, 2025
CVE-2025-4571GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification5.4Jun 19, 2025
CVE-2025-2331GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure5.3Mar 22, 2025
CVE-2025-2025Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function6.5Mar 15, 2025
CVE-2025-0912GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection9.8Mar 4, 2025
CVE-2024-12877GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection9.8Jan 11, 2025
CVE-2024-9634GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution9.8Oct 16, 2024
CVE-2024-8353GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection10.0Sep 28, 2024
CVE-2024-9130GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter7.2Sep 27, 2024
CVE-2024-6551GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure5.3Aug 29, 2024

Product normalization is registry-driven with AI assist and human review. How it works