Summary: The GiveWP plugin for WordPress has a critical unauthenticated PHP Object Injection vulnerability that could allow attackers to take over affected sites. Users are advised to update to version 3.19.4 or later to mitigate this risk.
Threat Actor: Unspecified
Victim: GiveWP users | GiveWP
Key Points:
- Vulnerability tracked as CVE-2025-22777 allows unauthenticated PHP Object Injection.
- Protections added for previous vulnerabilities were bypassed due to weak regex checks, allowing malicious metadata to be stored.
- Patch includes stricter checks for serialized strings to prevent exploitation.
- Users are urged to update to version 3.19.4 to ensure security.
- Patchstack customers are already protected from this vulnerability.
Source: https://patchstack.com/articles/critical-vulnerability-patched-in-givewp-plugin/