Critical Flaw Hits GiveWP: Protect Your WordPress Site Now!

A huge security issue popped up in the GiveWP Donation Plugin on March 3, 2025. This plugin helps websites take donations, but now over 10,000 WordPress sites are in danger. Because of this flaw, bad guys can attack these sites and take control.

What’s the Flaw?

The Problem’s Name

Experts call this flaw CVE-2025-0912. It’s super serious, and attackers don’t even need a password to use it.

How It Happens

The trouble starts with a part of the donation form called “card_address.” The plugin doesn’t check it well enough, so attackers sneak in bad code and take over the site. They use a tricky technique called a “POP chain” to do it.

Why It’s Bad

This flaw gets a score of 9.8 out of 10 for danger. Attackers can steal donor info, mess with payments, or even lock site owners out. A researcher named “dream hard” found it while checking the plugin’s code. He said it skips all the safety steps!

Who’s at Risk?

GiveWP helps groups like nonprofits and churches collect money online. Millions of dollars flow through it every year. But if attackers get in, they can:
  • Trick people into sending money to the wrong place.
  • Steal names, emails, and payment details.
  • Add bad links to hurt the site’s reputation.
  • Take over the whole site for sneaky plans.

Experts at Wordfence saw attackers hunting for weak sites starting March 4. They found three different ways the bad guys are trying to break in.

How to Stay Safe

The Fix Is Here

Good news! GiveWP made a new version, 3.20.0, on March 4. It adds better checks to stop the attacks. Site owners need to update right away.

What to Do Now

  • Switch to the new version fast.
  • Check your site’s logs for weird activity.
  • Make new keys for payment systems.

Wordfence says, “If you’re using an old version, act like you’ve already been hacked. Scan for trouble and watch your donor accounts!”
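
One way to do the "check your site's logs" step, as an added example that is not code from GiveWP or Wordfence: scan logged donation-form posts for "card_address" values that look like PHP-serialized data, which is the kind of input a POP chain needs. The JSON log format, its field names and the sample lines are constructed assumptions; normal access logs don't record POST bodies, so this needs a WAF or audit log that does.

```python
import json
import re
from urllib.parse import parse_qsl, unquote_plus

# Tokens that open PHP-serialized objects (O:, C:) or arrays (a:).
# Assumption: the POP-chain input arrives as PHP-serialized data.
SERIALIZED = re.compile(r'(?:[OC]:\d+:"[^"]*":\d+:\{|a:\d+:\{)')
FIELD_PREFIX = "card_address"  # form field named in the article


def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded input is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (timestamp, client_ip, field) for each flagged POST field."""
    hits = []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged log lines instead of crashing
        if not isinstance(entry, dict) or entry.get("method") != "POST":
            continue
        for field, value in parse_qsl(str(entry.get("body") or ""), keep_blank_values=True):
            if field.startswith(FIELD_PREFIX) and SERIALIZED.search(decode_fully(value)):
                hits.append((entry.get("ts"), entry.get("ip"), field))
    return hits


# Constructed sample lines (hypothetical log format, documentation-range IPs).
SAMPLE_LOG = [
    '{"ts":"2025-03-04T10:01:07Z","ip":"198.51.100.7","method":"POST","body":"amount=25&card_address=Unit+O%3A12%2C+Main+St"}',
    '{"ts":"2025-03-04T10:02:11Z","ip":"203.0.113.9","method":"POST","body":"amount=5&card_address=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"}',
    '{"ts":"2025-03-04T10:02:15Z","ip":"203.0.113.9","method":"POST","body":"card_address=O%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D"}',
    '{"ts":"2025-03-04T10:03:40Z","ip":"198.51.100.7","method":"GET","body":""}',
    'truncated line, not JSON',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit is a reason to look closer at that visitor and time window, not proof of a break-in, and a clean result doesn't prove the site is safe.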

Why People Are Upset

Some folks are mad because GiveWP took two days to fix this after everyone found out. People who make free plugins say they need to check their code better, especially for money stuff. As of March 5, over 7,000 sites still haven’t updated. Attackers are sharing ways to break in online, so time’s running out!

Don’t Wait!

If your site uses GiveWP, update it now. Waiting could cost you money and trust. Act fast to keep your site and donors safe!