CVE-2025-47444 PUBLISHED

WordPress GiveWP Plugin < 4.6.1 is vulnerable to Sensitive Data (PII) Exposure

Assigner: Patchstack
Reserved: 07.05.2025 Published: 12.08.2025 Updated: 12.08.2025

Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data.This issue affects GiveWP: from n/a before 4.6.1.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Liquid Web
Product	GiveWP
Versions	Default: unaffected affected from n/a to 4.6.1 (excl.)

Solutions

Update to 4.6.1 or a higher version.

Credits

KXKV finder

References

https://patchstack.com/database/wordpress/plugin/give/vulnerability/wordpress-givewp-plugin-4-6-1-pii-sensitive-data-exposure-vulnerability
https://github.com/impress-org/givewp/issues/8042

Problem Types

CWE-201 Insertion of Sensitive Information Into Sent Data CWE

Impacts

CAPEC-37 Retrieve Embedded Sensitive Data