CVE-2025-11228
published 2025-10-04
Priority: P4 30, medium, 5.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.27% (18.9th percentile)
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| givewp | givewp | < 4.10.1 | 4.10.1 |
| stellarwp | givewp_donation_plugin_and_fundraising_platform | <= 4.10.0 | — |
GHSA
GHSA-fppv-wwvh-h98g
ghsa_unreviewed·2025-10-04
CVE-2025-11228 [MEDIUM] CWE-862 GHSA-fppv-wwvh-h98g
Chrome
Stable Channel Update for Desktop: CVE-2026-11228
vendor_chrome·2026-06-02
CVE-2026-11228 [LOW] Stable Channel Update for Desktop
CVE-2026-11228: Incorrect security UI in File Input. Reported by Umar Farooq on 2025-10-23
[TBD][482713603] Low CVE-2026-11229: Insufficient policy enforcement in Enterprise. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-08
[N/A][493225428] Low CVE-2026-11230: Use after free in Extensions
Severity: low
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/give/tags/4.9.0/src/DonationForms/Routes/DonationFormsEntityRoute.php#L131
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3371948%40give&new=3371948%40give&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf9a043-5eb6-46fd-88c2-0f5a04f73fc9?source=cve