
Critical WordPress Vulnerability: Over 10,000 Sites Under Hacker Attacks
According to recent cybersecurity reports, a security vulnerability identified as CVE-2025-0912 has been discovered in the GiveWP Donation Plugin for WordPress. This flaw affects over 100,000 websites, allowing attackers to perform Remote Code Execution (RCE) attacks.
This vulnerability has received a 9.8 (Critical) rating on the CVSS scale, highlighting its extreme severity. Security experts state that the issue arises due to improper handling of user data in donation forms. This weakness enables attackers to inject PHP objects and use Property-Oriented Programming (POP) chains to gain full control over the server.
The vulnerability is located in the card_address parameter of the GiveWP plugin. Versions 3.19.4 and earlier do not properly validate or sanitize input data, allowing attackers to exploit it via PHP Object Injection (CWE-502).
The give_process_donation_form() function processes the submitted form data but passes the value directly to PHP's deserialization routine, so a specially crafted payload can instantiate attacker-controlled PHP objects when it is unserialized.
Through POP chains, hackers can execute system commands, delete files, create new administrator accounts, and even deploy malicious software for cryptocurrency mining.
The severity of this vulnerability lies in the fact that it bypasses WordPress security mechanisms and can be exploited by any unauthenticated attacker.
🔴 Potential Consequences of a Successful Attack:
- Deletion of critical files such as wp-config.php
- Theft of database login credentials
- Installation of backdoors for unauthorized site access
- Exposure of donors’ personal and financial information
- Defacement of website pages or injection of malicious code
- Diversion of donations to hackers or involvement in fraudulent schemes
The GiveWP plugin is widely used by nonprofit organizations, religious communities, and political campaigns, making these attacks particularly concerning due to their potential for financial and reputational damage.
🔹 Recommended Actions for Website Administrators:
✔ Immediately update the GiveWP plugin to version 3.20.0 or later
✔ Analyze server logs for suspicious POST requests to /wp-json/givewp/v3/donations
✔ Configure a Web Application Firewall (WAF) to block malicious data in the card_address parameter
✔ Monitor file system changes and check for unauthorized new administrator accounts
✔ Create a database backup and change all passwords
✔ Restrict access to donation forms by enabling CAPTCHA or reCAPTCHA (if an immediate patch is not possible)
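The two detection-oriented recommendations above (reviewing logs for POST requests to /wp-json/givewp/v3/donations and filtering the card_address parameter) can be exercised with a small script. The following is an added example written for this article, not code from the original post or from the GiveWP project. The endpoint path and parameter name come from the article; the log format (Apache/nginx "combined"), the sample log lines, the form bodies and the IP addresses are constructed for illustration. The pattern check flags serialized PHP object syntax (`O:<len>:"<Class>":<n>:{`), which a genuine postal address never contains; it uses only the harmless built-in stdClass as its positive sample.

```python
"""Defender-side checks for the GiveWP card_address issue described above.

Added example (not part of the original article or the GiveWP project):
  1. scan_access_log()      - find POST requests to the donations endpoint
                              named in the article's recommendations.
  2. looks_like_php_object() - the kind of test a WAF rule on card_address
                              would run: does the value carry a serialized
                              PHP object?
  3. check_card_address()   - apply that test to a URL-encoded form body.
All log lines and form values below are constructed sample data.
"""
import re
from urllib.parse import parse_qs, unquote_plus

# Endpoint taken from the article's log-review recommendation.
ENDPOINT = "/wp-json/givewp/v3/donations"

# Apache/nginx "combined" access-log format (assumed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Serialized PHP object header: O:<strlen>:"<ClassName>":<nprops>:{
# The character class allows backslashes so namespaced class names match;
# a serialized object nested inside an array (a:...{...O:...}) is caught too.
PHP_OBJECT_RE = re.compile(r'O:\d+:"[A-Za-z0-9_\\]+":\d+:\{')

# Constructed sample log: two POSTs to the endpoint from one address (one of
# them returning HTTP 500) and one unrelated GET.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Mar/2025:10:14:22 +0000] '
    '"POST /wp-json/givewp/v3/donations HTTP/1.1" 200 512',
    '198.51.100.9 - - [03/Mar/2025:10:15:01 +0000] '
    '"GET /donate/ HTTP/1.1" 200 8192',
    '203.0.113.7 - - [03/Mar/2025:10:15:40 +0000] '
    '"POST /wp-json/givewp/v3/donations?x=1 HTTP/1.1" 500 0',
]


def looks_like_php_object(value: str) -> bool:
    """True if a submitted value contains serialized PHP object syntax.

    The value is URL-decoded once more before matching so that a
    percent-encoded (or double-encoded) payload does not slip past.
    """
    return PHP_OBJECT_RE.search(unquote_plus(value)) is not None


def scan_access_log(lines):
    """Return (ip, timestamp, status) for every POST to the donations endpoint.

    Query strings and a trailing slash are ignored when comparing the path.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path == ENDPOINT:
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


def check_card_address(form_body: str) -> bool:
    """WAF-style decision for an application/x-www-form-urlencoded body.

    Returns True when any card_address value should be blocked.
    """
    fields = parse_qs(form_body, keep_blank_values=True)
    return any(looks_like_php_object(v) for v in fields.get("card_address", []))


if __name__ == "__main__":
    for ip, ts, status in scan_access_log(SAMPLE_LOG):
        print(f"POST to donations endpoint from {ip} at {ts} -> HTTP {status}")
    for body in ("card_address=12+Elm+St",
                 "card_address=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"):
        print(body, "-> block" if check_card_address(body) else "-> allow")
```

Run it against a real access log by feeding the file's lines to scan_access_log(); a burst of POSTs to the endpoint from a single address, especially ones answered with HTTP 500, is worth correlating with the file-integrity and new-administrator checks listed above. The object-syntax regex is a coarse signature and should complement, not replace, updating to a fixed plugin version.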
🔸 While mass exploitation of this vulnerability has not been observed yet, its simplicity and effectiveness make it a high-priority target for ransomware groups and cryptocurrency miners.
🔸 According to security firm Defiant, at least 30% of vulnerable sites remain unpatched, leaving them at serious risk of attack.
🔸 WordPress security experts advise organizations to subscribe to vulnerability monitoring services, enable automatic updates, and deploy real-time attack prevention tools.
Third-party plugin vulnerabilities continue to be a major security concern for WordPress sites. Even though developers regularly release security updates, site owners must install them promptly. Otherwise, cybercriminals could exploit these flaws to steal sensitive information, compromise websites, and cause severe financial and operational damage.
🔐 Additional Security Recommendations:
✅ Download plugins only from the official WordPress repository
✅ Install security updates without delay
✅ Implement malware scanning solutions on your website
✅ Regularly create data backups
✅ Enable two-factor authentication (2FA) for additional protection
🚀 Secure your WordPress site—cybercriminals never sleep!