A critical vulnerability has been identified in the WordPress plugin GiveWP!
A critical vulnerability has been identified in the WordPress plugin GiveWP!
The new CVE-2025-0912, which exposes nearly 100,000 WordPress-based sites with the plugin to unpatched remote code execution (RCE) attacks have been registered.
Successful exploitation of this vulnerability allows full server takeover, including deleting files, stealing database data, or installing backdoors. Administrators should immediately update the plugin to version 3.20.0 or higher and monitor servers for suspicious activity.
For more information about this vulnerability, see the CVE statement.
Remember!
A system is only as secure as its weakest side!