Platform: wordpress
Component: give
Fixed in: 4.13.2
CVE-2025-67467 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the GiveWP WordPress plugin. In a CSRF attack, a victim who is already authenticated is tricked into submitting a request they did not intend to make, which here could lead to unauthorized modification or deletion of donation campaigns and related data. The vulnerability affects GiveWP versions from 0.0.0 through 4.13.1 and is patched in version 4.13.2.
The CSRF vulnerability in GiveWP allows an attacker to have actions executed on behalf of an authenticated user without that user's knowledge or consent. This could involve creating, modifying, or deleting donation campaigns, managing donor data, or altering plugin settings. A successful attack could cause financial losses for organizations that rely on GiveWP for fundraising, reputational damage, and a data breach if sensitive donor information is exposed. The impact is amplified where the plugin is integrated with other systems, since the attacker could leverage the CSRF to reach those connected services.
CVE-2025-67467 was publicly disclosed on 2025-12-09. There are currently no known public exploits or active campaigns targeting this vulnerability. The CVSS score of 5.4 (MEDIUM) indicates a moderate risk, suggesting that exploitation is possible but not highly probable without significant effort. It is not listed on the CISA KEV catalog as of this writing.
Exploit Status
EPSS: 0.02% (4th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-67467 is to upgrade the GiveWP plugin to version 4.13.2 or later immediately. If upgrading is not immediately feasible because of compatibility issues or testing requirements, consider a temporary workaround: add CSRF tokens (WordPress nonces) to all sensitive forms and actions within the GiveWP plugin. WordPress security plugins often provide CSRF protection; ensure it is enabled and configured correctly. Regularly review WordPress plugin configurations and user permissions to minimize the attack surface.
Update to version 4.13.2, or a newer patched version
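As an added illustration of the nonce-based protection the mitigation above refers to (this is not GiveWP's code, and the advisory does not identify the actual vulnerable code path), the snippet below shows a WordPress admin-post handler that acts on any authenticated request beside the same handler guarded by a nonce and a capability check. The action name `example_delete_campaign`, the `campaign_id` parameter, the `manage_options` capability and the `example_delete_campaign_record()` data-layer helper are assumptions.

```php
<?php
// Constructed example of the CSRF-hardening pattern in a WordPress plugin.
// Nothing here is GiveWP code; action, parameter and helper names are assumed.

// --- Vulnerable pattern: trusts any authenticated request ----------------
// A logged-in admin lured onto a hostile page can be made to submit this form;
// the handler has no way to tell that request from a genuine one.
function example_delete_campaign_unsafe() {
    $campaign_id = isset( $_POST['campaign_id'] ) ? absint( $_POST['campaign_id'] ) : 0;
    // Missing: check_admin_referer()/wp_verify_nonce() and a capability check.
    example_delete_campaign_record( $campaign_id ); // assumed data-layer helper
    wp_safe_redirect( admin_url( 'admin.php?page=example-campaigns' ) );
    exit;
}

// --- Hardened pattern: nonce + capability --------------------------------
// 1. Render the form with a nonce bound to this action and this campaign id.
function example_render_delete_form( $campaign_id ) {
    $campaign_id = absint( $campaign_id );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_delete_campaign">';
    echo '<input type="hidden" name="campaign_id" value="' . esc_attr( $campaign_id ) . '">';
    // Emits a hidden _wpnonce field; including the id in the action string
    // means a nonce issued for one campaign cannot be reused against another.
    wp_nonce_field( 'example_delete_campaign_' . $campaign_id );
    submit_button( 'Delete campaign' );
    echo '</form>';
}

// 2. Verify the nonce and the caller's capability before doing anything.
function example_delete_campaign_safe() {
    $campaign_id = isset( $_POST['campaign_id'] ) ? absint( $_POST['campaign_id'] ) : 0;
    // check_admin_referer() terminates with a 403 when _wpnonce is missing,
    // expired or issued for a different action/id, so a cross-site request
    // never reaches the deletion below.
    check_admin_referer( 'example_delete_campaign_' . $campaign_id );
    // A nonce proves intent, not authority: still enforce the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ), '', array( 'response' => 403 ) );
    }
    example_delete_campaign_record( $campaign_id ); // assumed data-layer helper
    wp_safe_redirect( admin_url( 'admin.php?page=example-campaigns' ) );
    exit;
}
add_action( 'admin_post_example_delete_campaign', 'example_delete_campaign_safe' );
```

For requests that come from an external service rather than a logged-in user's form, the same `check_admin_referer()` guard on the handler plus a capability check is what a reviewer should look for when auditing a plugin's action and AJAX handlers.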
CVE-2025-67467 is a Cross-Site Request Forgery (CSRF) vulnerability affecting GiveWP versions 0.0.0 through 4.13.1, allowing attackers to perform unauthorized actions.
If you are using GiveWP version 4.13.1 or earlier, you are affected by this vulnerability. Upgrade to 4.13.2 or later to mitigate the risk.
The recommended fix is to upgrade the GiveWP plugin to version 4.13.2 or later. Consider temporary workarounds like CSRF tokens if immediate upgrade is not possible.
As of now, there are no known public exploits or active campaigns targeting this vulnerability, but it remains a potential risk.
Refer to the official GiveWP website and WordPress plugin repository for the latest security advisories and updates related to CVE-2025-67467.