{"id":"CVE-2025-8620","details":"The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id.","modified":"2026-04-10T05:36:21.083426Z","published":"2025-08-06T10:15:35.967Z","references":[{"type":"ADVISORY","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc7c5a6-513e-4aa8-9538-0ac6fb37c867?source=cve"},{"type":"REPORT","url":"https://github.com/impress-org/givewp/issues/8042"},{"type":"REPORT","url":"https://www.linkedin.com/posts/givewp_givewp-support-handpicked-from-the-best-activity-7356319738290974720-Dt4U/?utm_source=share&utm_medium=member_desktop&rcm=ACoAABmBk5UBxPIzCp0cgsD1_1xKASTMphetnI4"},{"type":"FIX","url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3336253%40give&new=3336253%40give&sfp_email=&sfph_mail="}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/impress-org/givewp","events":[{"introduced":"0"},{"fixed":"5d8d598127292fc5296b4705b5475ac53bf06608"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.6.1"}]}}],"versions":["1.0","1.0.0","1.0.1","1.1","1.18.18","1.2","1.2.1","1.3","1.3.0.4","1.3.1","1.3.1.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.4","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.5","1.5.1","1.5.2","1.6","1.6.1","1.6.2","1.6.3","1.6.4","1.7","1.7.1","1.7.2","1.8","1.8.1","1.8.10","1.8.11","1.8.12","1.8.13","1.8.14","1.8.15","1.8.16","1.8.17","1.8.19","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.8.7.1","1.8.8","1.8.9","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.10.0","2.10.1","2.10.2","2.10.3","2.10.4","2.11.0","2.11.1","2.11.2","2.11.3","2.12.0","2.12.1","2.12.2","2.12.3","2.13.0","2.13.1","2.13.2","2.13.3","2.13.4","2.14.0","2.15.0","2.16.0","2.16.1","2.16.2","2.17.0","2.17.1","2.17.2","2.17.3","2.18.1","2.19.0","2.19.1","2.19.2","2.19.3","2.19.4","2.19.5","2.19.6","2.19.6-alpha","2.19.7","2.19.8","2.20.0","2.20.1","2.20.2","2.21.0","2.21.1","2.21.2","2.21.4","2.22.0","2.22.1","2.22.2","2.22.3","2.23.0","2.23.1","2.23.2","2.24.0","2.24.1","2.24.2","2.25.0","2.29.2","2.30.0","2.31.0","2.31.1","2.32.0","2.33.0","2.33.1","2.33.2","2.33.3","2.33.4","2.33.5","2.5.10","2.5.12","2.5.13","2.5.2","2.5.3","2.5.4","2.5.5","2.5.7","2.5.8","2.5.9","2.6.0","2.6.1","2.6.2","2.6.3","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.7.5","2.8.0","2.8.0-alpha.1","2.8.0-alpha.2","2.8.0-beta.1","2.8.0-beta.2","2.8.0-beta.3","2.8.0-rc.1","2.8.1","2.9.0","2.9.1","2.9.2","2.9.3","2.9.4","2.9.5","2.9.6","2.9.7","3.0.0","3.0.1","3.0.2","3.0.3","3.10.0","3.11.0","3.12.0","3.13.0","3.14.0","3.14.1","3.15.0","3.2.0","3.2.1","3.4.0","3.4.1","3.5.0","3.6.0","3.7.0","3.8.0","3.9.0","4.0.0","4.2.0","4.3.0","4.3.2","4.4.0","4.5.0","4.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8620.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}