Keeping up with updates on your site is one of the most important ways to keep it secure against threats that arise from plugin vulnerabilities. Wordfence has published information on a vulnerability in the GiveWP plugin; if you have this plugin installed on your site, you need to upgrade to patch the problem.
Announcement from Wordfence – Authentication Bypass Vulnerability in GiveWP Plugin – Upgrade Now!
A few weeks ago, our Threat Intelligence team discovered a vulnerability present in GiveWP, a WordPress plugin installed on over 70,000 websites. The weakness allowed unauthenticated users to bypass API authentication methods and potentially access personally identifiable user information (PII) like names, addresses, IP addresses, and email addresses which should not be publicly accessible.
We privately disclosed the issue to the plugin’s developer on September 3rd, who were quick to respond and released a patch shortly after. Wordfence Premium customers received a new firewall rule on September 4th to protect against exploits targeting this vulnerability. Free Wordfence users will receive the rule after thirty days.
This is considered a high security issue, and websites running Give 2.5.4 or below should be updated to version 2.5.5 or later right away.
See the full post here – Authentication Bypass Vulnerability in GiveWP Plugin