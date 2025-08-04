Vulnerability Management, Breach, Data Security

WordPress plugin bug prompts Pi-hole breach

(Credit: Bilal Ulker &#8211; stock.adobe.com)

BleepingComputer reports that widely used network-level ad blocker Pi-hole had nearly 30,000 donors' names and addresses compromised following a data breach that involved a vulnerability impacting the WordPress donation plugin GiveWP.

No financial details have been leaked as a result of the incident, according to Pi-hole, which noted such information to be managed by either Stripe or PayPal. "We make it clear in the donation form that we don't even require a valid name or email address, it's purely for users to see and manage their donations. It is also important to note that Pi-hole the product is categorically not the subject of this breach. There is no action needed from users with a Pi-hole installed on their network," said Pi-hole, which also condemned GiveWP's delayed response on addressing the security flaw. Meanwhile, almost 73% of the records inadvertently exposed by the GiveWP plugin without authentication or special access privileges have already been added to the Have I Been Pwned data breach notification service.

