Pi-hole


Pi-hole, a network-level ad-blocker, disclosed a data breach caused by a security vulnerability in the GiveWP WordPress donation plugin, which exposed donor names and email addresses. The flaw placed donor information in the donation page's HTML source, where anyone viewing the source could read it, affecting nearly 30,000 donors. No financial data was compromised, because payment details are handled by Stripe and PayPal. The Pi-hole software itself was unaffected. The incident carried potential reputation damage; Pi-hole apologized and criticized GiveWP's delayed response. The vulnerability was patched within hours, but the breach highlighted the risk of trusting third-party plugins with personal data.
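The failure mode here is data that never renders on screen but is still shipped to every visitor inside the page source (an inline script, a comment, an attribute). The following is an added example, not code from Pi-hole or GiveWP: a check a site operator can run against a saved copy of their own pages. It parses the HTML with the standard library and reports every e-mail address, tagged with where it was found, so addresses that appear outside visible text stand out. The sample donation page and its donor records are constructed for the example.

```python
"""
Scan a page's HTML source for e-mail addresses a visitor could read even
though nothing renders them (inline scripts, comments, attributes).
Added illustration; not Pi-hole or GiveWP code.
"""
import re
from html.parser import HTMLParser

# Deliberately simple address pattern; good enough for a leak scan.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class _SourceScanner(HTMLParser):
    """Collect (context, email) pairs while walking the document."""

    def __init__(self):
        super().__init__()
        self.hits = []
        self._in_script = False
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "style":
            self._in_style = True
        # Addresses hidden in attributes (data-*, value, href) are not visible either.
        for name, value in attrs:
            if value:
                for email in EMAIL_RE.findall(value):
                    self.hits.append((f"attribute {tag}@{name}", email))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # HTMLParser hands over <script>/<style> bodies as raw data chunks,
        # so a JSON blob of donors embedded in a script lands here.
        if self._in_script:
            ctx = "script"
        elif self._in_style:
            ctx = "style"
        else:
            ctx = "text"
        for email in EMAIL_RE.findall(data):
            self.hits.append((ctx, email))

    def handle_comment(self, data):
        for email in EMAIL_RE.findall(data):
            self.hits.append(("comment", email))


def find_exposed_emails(html):
    """Return every e-mail address in the source with the context it sits in."""
    scanner = _SourceScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits


def hidden_emails(html):
    """Addresses present in the source but not in rendered text, sorted and deduplicated."""
    return sorted({email for ctx, email in find_exposed_emails(html) if ctx != "text"})


# Constructed sample: a donation page that embeds its donor list in an inline script.
SAMPLE_PAGE = """<html><body>
<h1>Support the project</h1>
<p>Questions? Write to hello@example.org</p>
<script type="text/javascript">
var donorWall = [{"name":"Alice Example","email":"alice@example.com","amount":"25"},
                 {"name":"Bob Example","email":"bob@example.net","amount":"10"}];
</script>
<!-- TODO remove debug: admin@example.org -->
</body></html>"""

if __name__ == "__main__":
    for ctx, email in find_exposed_emails(SAMPLE_PAGE):
        print(f"{ctx:>12}: {email}")
    print("hidden:", hidden_emails(SAMPLE_PAGE))
```

Run it over `curl -s https://your-site/donate/` output (or a crawl of the whole site) after any plugin update; the visible contact address is expected, the donor list in the script block is the kind of leak this incident involved. Note that this only catches what the server sends in the initial HTML; data fetched later by JavaScript needs the same scan applied to those API responses.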

Source: https://www.bleepingcomputer.com/news/security/pi-hole-discloses-data-breach-via-givewp-wordpress-plugin-flaw/

TPRM report: https://www.rankiteo.com/company/the-pi-hole

"id": "the218080925",
"linkid": "the-pi-hole",
"type": "Vulnerability",
"date": "8/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'Almost 30,000 donors',
                        'industry': 'Software',
                        'name': 'Pi-hole',
                        'type': 'Organization'}],
 'attack_vector': 'Vulnerability in WordPress Plugin',
 'customer_advisories': 'No action needed for Pi-hole software users',
 'data_breach': {'number_of_records_exposed': 'Almost 30,000',
                 'personally_identifiable_information': 'Names and email '
                                                        'addresses',
                 'sensitivity_of_data': 'Low',
                 'type_of_data_compromised': 'Donor names and email addresses'},
 'date_detected': '2025-07-28',
 'date_publicly_disclosed': '2025-08-04',
 'description': 'Pi-hole, a popular network-level ad-blocker, disclosed that '
                'donor names and email addresses were exposed through a '
                'security vulnerability in the GiveWP WordPress donation '
                'plugin.',
 'impact': {'brand_reputation_impact': 'Potential reputation damage',
            'data_compromised': 'Donor names and email addresses',
            'payment_information_risk': 'No financial information exposed',
            'systems_affected': 'Pi-hole website donation form'},
 'investigation_status': 'Completed',
 'lessons_learned': 'Pi-hole acknowledged the need to be more cautious with '
                    'third-party plugins.',
 'post_incident_analysis': {'corrective_actions': 'Patch applied by GiveWP',
                            'root_causes': 'Vulnerability in GiveWP WordPress '
                                           'plugin'},
 'references': [{'source': 'Pi-hole Blog Post'},
                {'source': 'Have I Been Pwned'}],
 'response': {'communication_strategy': 'Public disclosure and apology',
              'containment_measures': 'GiveWP released a patch within hours'},
 'title': 'Pi-hole Donor Data Exposure',
 'type': 'Data Breach',
 'vulnerability_exploited': 'GiveWP WordPress Plugin Flaw'}