Platform
wordpress
Component
give
Fixed in
4.13.2
CVE-2025-67467 identifies a Cross-Site Request Forgery (CSRF) vulnerability within the GiveWP WordPress plugin. A CSRF attack allows an attacker to trick a user into performing actions they didn't intend to, potentially leading to unauthorized modifications or deletions of donation campaigns and related data. This vulnerability impacts GiveWP versions from 0.0.0 through 4.13.1, and a patch is available in version 4.13.2.
The CSRF vulnerability in GiveWP allows an attacker to execute actions on behalf of an authenticated user without their knowledge or consent. This could involve creating, modifying, or deleting donation campaigns, managing donor data, or altering plugin settings. A successful attack could result in financial losses for organizations relying on GiveWP for fundraising, damage to their reputation, and potential data breaches if sensitive donor information is compromised. The impact is amplified if the plugin is integrated with other systems, as the attacker could potentially leverage the CSRF to gain access to those connected services.
CVE-2025-67467 was publicly disclosed on 2025-12-09. There are currently no known public exploits or active campaigns targeting this vulnerability. The CVSS score of 5.4 (MEDIUM) indicates a moderate risk, suggesting that exploitation is possible but not highly probable without significant effort. It is not listed on the CISA KEV catalog as of this writing.
Organizations and websites utilizing the GiveWP plugin for donation processing, particularly those running older versions (0.0.0–4.13.1), are at risk. Shared hosting environments where multiple WordPress installations share resources are also at increased risk, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
  grep -r 'givewp_process_donation' /var/www/html/wp-content/plugins/givewp/
• wordpress / composer / npm:
  wp plugin list | grep givewp
• wordpress / composer / npm:
  wp plugin update givewp --version=4.13.2
disclosure
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-67467 is to immediately upgrade the GiveWP plugin to version 4.13.2 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a temporary workaround by adding CSRF tokens to all sensitive forms and actions within the GiveWP plugin. WordPress security plugins often provide CSRF protection; ensure these are enabled and configured correctly. Regularly review WordPress plugin configurations and user permissions to minimize the potential attack surface.
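To make the workaround above concrete, here is an added PHP example (not GiveWP's code): a hypothetical admin action that updates a campaign title, first without any CSRF protection, then hardened with a WordPress nonce tied to the action plus a capability check. The hook name demo_update_campaign, the option demo_campaign_title and the admin page slug are assumptions.

```php
<?php
// Added example, not GiveWP code. A hypothetical admin-post.php action that
// changes a campaign title. Every name prefixed "demo_" is an assumption.

// --- Vulnerable variant: state change with no CSRF token and no capability check.
//     Any request that arrives with the victim's session cookie is accepted.
function demo_update_campaign_vulnerable() {
    $title = sanitize_text_field( wp_unslash( $_POST['campaign_title'] ?? '' ) );
    update_option( 'demo_campaign_title', $title );
    wp_safe_redirect( admin_url( 'admin.php?page=demo-campaigns' ) );
    exit;
}

// --- Hardened variant: the form carries a nonce bound to this action, and the
//     handler verifies it and checks the caller's capability before writing.
function demo_campaign_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_update_campaign">
        <?php wp_nonce_field( 'demo_update_campaign', 'demo_nonce' ); ?>
        <input type="text" name="campaign_title">
        <?php submit_button( 'Save campaign' ); ?>
    </form>
    <?php
}

function demo_update_campaign_hardened() {
    // Dies with HTTP 403 if the nonce is missing, expired or does not match the action.
    check_admin_referer( 'demo_update_campaign', 'demo_nonce' );

    // A nonce proves intent, not authorization: still enforce a capability check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }

    $title = sanitize_text_field( wp_unslash( $_POST['campaign_title'] ?? '' ) );
    update_option( 'demo_campaign_title', $title );
    wp_safe_redirect( admin_url( 'admin.php?page=demo-campaigns' ) );
    exit;
}
add_action( 'admin_post_demo_update_campaign', 'demo_update_campaign_hardened' );
```

The same pattern applies to AJAX handlers (check_ajax_referer) and REST routes (a permission_callback plus the X-WP-Nonce header); a nonce check without a capability check still lets any logged-in user perform the action.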
Update to version 4.13.2 or a newer patched version
CVE-2025-67467 is a Cross-Site Request Forgery (CSRF) vulnerability affecting GiveWP versions 0.0.0 through 4.13.1, allowing attackers to perform unauthorized actions.
If you are using GiveWP version 4.13.1 or earlier, you are affected by this vulnerability. Upgrade to 4.13.2 or later to mitigate the risk.
The recommended fix is to upgrade the GiveWP plugin to version 4.13.2 or later. Consider temporary workarounds like CSRF tokens if immediate upgrade is not possible.
As of now, there are no known public exploits or active campaigns targeting this vulnerability, but it remains a potential risk.
Refer to the official GiveWP website and WordPress plugin repository for the latest security advisories and updates related to CVE-2025-67467.