CVE Alert: CVE-2025-13206 - stellarwp - GiveWP – Donation Plugin and Fundraising Platform - https://www.redpacketsecurity.com/cve-alert-cve-2025-13206-stellarwp-givewp-donation-plugin-and-fundraising-platform/

#OSINT #ThreatIntel #CyberSecurity #cve-2025-13206 #stellarwp #givewp-donation-plugin-and-fundraising-platform

CVE Alert: CVE-2025-13206 - stellarwp - GiveWP – Donation Plugin and Fundraising Platform - RedPacket Security

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all

RedPacket Security

Need a new list of names and e-mail addresses? Easy, just press F12 on sites which have a vulnerable donation plugin (GiveWP) and that's it.
https://pi-hole.net/blog/2025/07/30/compromised-donor-emails-a-post-mortem/#page-content

#givewp #wordpress #vulnerability #breach #leak

Compromised Donor Emails: A post-mortem – Pi-hole

On July 30, 2025, a data leak at Pi-hole became known. I received a notification from "Have I been pwned" myself and am reporting here first-hand on what happened, who is affected, and what you should do now.

https://dasnetzundich.de/datenleck-bei-pi-hole-auch-meine-spender-e-mail-ist-betroffen/ #Pihole #datenleck #leak #giveWP #Wordpress

While the patch was released quickly, we were concerned by the 17.5-hour delay (“4 business hours”…) between the critical security fix and any official notification from the GiveWP team. However, in our view, their public statement did not sufficiently address the potential impact of exposing donor names and email addresses. Pihole post-mortem #GiveWP

Compromised Donor Emails: A post-mortem – Pi-hole

🌘 Data leak at Corbett Report and many other sites!
➤ Critical vulnerability in the WordPress plugin GiveWP leads to exposure of users' personal data
https://corbettreport.com/data-leak-at-corbett-report/
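Corbett Report and the WordPress plugin it uses, GiveWP, suffered a serious security vulnerability that caused some users' email addresses and usernames to be unintentionally exposed in the site's source code. Although the plugin has been deactivated, the leaked information has already been scraped by spam bots. The vulnerability affects tens of thousands of sites that use the plugin, and the author of Corbett Report is contacting the affected users.
+ This is truly frightening! These sites should protect our information more carefully.
+ Fortunately, I don't usually register on sites like this. Still, it is a reminder that any online service carries potential risk.
#DataSecurity #WordPress plugin #InformationLeak #GiveWP #CyberSecurity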
Data Leak at Corbett Report (and Many Other Sites)! | The Corbett Report

I am in the process of emailing every email address that was exposed by this, but if you are a Corbett Report member who has any questions or concerns about this, please contact me directly.

The Corbett Report

Podcast interview with Matt Cromwell, creator of #GiveWP donations plugin for WordPress: via @wptavern wptavern.com/wpweekly-episo…

WPWeekly Episode 250 – Intervi...

WordPress plug-in: Critical vulnerability with the highest severity rating closed in GiveWP

Through a vulnerability in the donation plug-in GiveWP, attackers can gain control of WordPress websites. A security patch is available.

heise online

GiveWP (a WordPress donation plugin) released a critical security update today.

It patches a vulnerability that could be used by a malicious attacker to insert unwanted content in your WordPress website.

https://givewp.com/core-2-24-0-vulnerability-patched/

Update your plugin now!

#WordPress #GiveWP

GiveWP Version 2.24.0 Includes Patch for Critical Vulnerability

Version 2.24.0 patches a vulnerability. Here are the details and how to update so your website is secure immediately.

GiveWP

This Week in WordPress #232 - WP Builds

The WordPress news from the last week which commenced Monday 21st November 2022.

WP Builds