Get the latest tech news

GiveWP plugin for WordPress revealed email addresses of donors in page source


I am in the process of emailing every email address that was exposed by this, but if you are a Corbett Report member who has any questions or concerns about this, please contact me directly.

One of the latest updates of the GiveWP WordPress plugin “accidentally” started publishing the email addresses and usernames of some (but not all) Corbett Report users to the source code of the site. UPDATE: GiveWP has finally patched this massive security flaw with their latest update but are still trying to downplay the problem and limit discussion of it in their own forum. The email addresses exposed were only those who signed up on the site’s membership form since 2024.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of WordPress

WordPress

Photo of email addresses

email addresses

Photo of donors

donors

Related news:

News photo

Hackers actively exploit critical RCE in WordPress Alone theme

News photo

Sex toy maker Lovense caught leaking users’ email addresses and exposing accounts to takeovers

News photo

Forminator plugin flaw exposes WordPress sites to takeover attacks