CVE-2025-7221: CWE-285 Improper Authorization in givewp GiveWP – Donation Plugin and Fundraising Platform
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with GiveWP Worker-level access and above, to update donation statuses. This ability is not present in the user interface.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-7221 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress, specifically versions up to and including 4.5.0. The root cause is an improper authorization issue (CWE-285) due to a missing capability check in the function give_update_payment_status(). This function can be invoked by authenticated users with GiveWP Worker-level access or higher, allowing them to update donation statuses without proper permission validation. The vulnerability does not manifest in the user interface, meaning the ability to change donation statuses is not exposed through normal UI controls, but can be exploited programmatically or via crafted requests. The CVSS v3.1 score is 4.3 (medium), reflecting that the attack vector is network-based, requires low privileges (authenticated user with specific role), no user interaction, and impacts integrity but not confidentiality or availability. There are no known exploits in the wild at the time of publication. The lack of a patch link suggests that a fix may not yet be publicly available, emphasizing the need for interim mitigations. This vulnerability could allow malicious insiders or compromised accounts with Worker-level access to manipulate donation records, potentially leading to financial discrepancies, fraud, or reputational damage for organizations relying on GiveWP for fundraising.
Potential Impact
The primary impact of this vulnerability is on data integrity, as unauthorized users with Worker-level access can alter donation statuses. This could lead to fraudulent manipulation of donation records, such as marking failed or pending donations as completed, or vice versa, which can distort financial reporting and donor trust. Although confidentiality and availability are not directly affected, the integrity compromise can have significant operational and reputational consequences for nonprofits, charities, and other organizations using GiveWP. Attackers exploiting this flaw could undermine fundraising efforts, cause financial losses, and damage stakeholder confidence. Since the vulnerability requires authenticated access with a specific role, the risk is higher in environments where user roles are not tightly controlled or where accounts may be compromised. The absence of UI controls for this function makes detection and auditing more difficult, increasing the risk of unnoticed manipulation. Organizations worldwide that rely on GiveWP for donation processing are at risk, especially those with large donor bases or high transaction volumes.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately review and restrict GiveWP user roles, ensuring that only fully trusted personnel have Worker-level or higher access. Implement strict access control policies and audit user permissions regularly. Monitor logs and donation status changes for unusual or unauthorized modifications. If possible, disable or restrict programmatic access to the give_update_payment_status() function until a patch is available. Employ Web Application Firewalls (WAFs) to detect and block suspicious requests targeting this function. Organizations should also keep abreast of updates from the GiveWP vendor and apply patches promptly once released. Additionally, consider implementing multi-factor authentication (MFA) for all users with elevated privileges to reduce the risk of account compromise. Conduct regular security training to raise awareness about insider threats and the importance of role-based access control. Finally, maintain backups of donation data to enable recovery in case of manipulation.
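An added illustration of the control whose absence the advisory describes, not GiveWP's own code: a WordPress AJAX handler that gates a donation status change behind a nonce and an explicit capability check, allow-lists the status values, and logs every attempt so denied requests are visible for auditing. The capability name, hook name, status values and the assumption that donations are stored as posts are all constructed for this example.

```php
<?php
// Added illustration, not GiveWP's code. A WordPress AJAX handler that changes a
// donation's status only after the capability check the advisory says
// give_update_payment_status() lacks. The capability name 'manage_give_payments',
// the hook name and the storage of donations as posts are assumptions.

function example_can_change_donation_status(): bool {
    // Being logged in is not enough: a Worker-level account is authenticated too.
    if ( ! is_user_logged_in() ) {
        return false;
    }
    // Require a capability (assumed name) that only Manager-level roles receive.
    return current_user_can( 'manage_give_payments' );
}

function example_update_donation_status_handler(): void {
    // CSRF protection: the request must carry a nonce bound to this action.
    check_ajax_referer( 'example_update_donation_status', 'nonce' );

    $donation_id = isset( $_POST['donation_id'] ) ? absint( $_POST['donation_id'] ) : 0;
    $new_status  = isset( $_POST['status'] ) ? sanitize_key( $_POST['status'] ) : '';

    // Allow-list the statuses a request may set (assumed set of values).
    $allowed = array( 'pending', 'publish', 'failed', 'refunded', 'cancelled' );
    if ( 0 === $donation_id || ! in_array( $new_status, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'invalid request' ), 400 );
    }

    $who = get_current_user_id();
    if ( ! example_can_change_donation_status() ) {
        // Log denials so unauthorized attempts show up in audit trails.
        error_log( "denied donation status change: user=$who donation=$donation_id status=$new_status" );
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // Authorized: record who changed what before applying the change.
    error_log( "donation status change: user=$who donation=$donation_id status=$new_status" );
    $result = wp_update_post( array( 'ID' => $donation_id, 'post_status' => $new_status ), true );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'donation_id' => $donation_id, 'status' => $new_status ) );
}
add_action( 'wp_ajax_example_update_donation_status', 'example_update_donation_status_handler' );
```

The two error_log lines are the audit signal the mitigation paragraph asks for: a status change by an account that should not hold the capability, or a burst of denied attempts, is what to alert on.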
Affected Countries
United States, United Kingdom, Canada, Australia, Germany, France, Netherlands, India, Brazil, South Africa
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-07T14:36:20.359Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68a7389bad5a09ad00121fd2
Added to database: 8/21/2025, 3:17:47 PM
Last enriched: 2/26/2026, 4:04:21 PM
Last updated: 3/25/2026, 7:02:01 AM