Merge branch 'develop' into epic/campaigns

impress-org · Mar 11, 2025 · dab1df0 · dab1df0
2 parents a7babf7 + 6566495
commit dab1df0
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/give.php b/give.php
@@ -6,7 +6,7 @@
  * Description: The most robust, flexible, and intuitive way to accept donations on WordPress.
  * Author: GiveWP
  * Author URI: https://givewp.com/
- * Version: 3.22.0
+ * Version: 3.22.1
  * Requires at least: 6.5
  * Requires PHP: 7.2
  * Text Domain: give
@@ -420,7 +420,7 @@ private function setup_constants()
     {
         // Plugin version.
         if (!defined('GIVE_VERSION')) {
-            define('GIVE_VERSION', '3.22.0');
+            define('GIVE_VERSION', '3.22.1');
         }
 
         // Plugin Root File.

diff --git a/includes/admin/reports/reports.php b/includes/admin/reports/reports.php
@@ -298,10 +298,15 @@ function give_reports_gateways_table() {
 /**
  * Renders the Reports Earnings Graphs
  *
+ * @since 3.22.1 added permissions check
  * @since 1.0
  * @return void
  */
 function give_reports_earnings() {
+    if (!current_user_can('view_give_reports')){
+        wp_die(__('You do not have permission to access this report', 'give'), __('Error', 'give'), ['response' => 403]);
+    }
+
 	?>
 	<div class="tablenav top reports-table-nav">
 		<h2 class="reports-earnings-title screen-reader-text"><?php _e( 'Revenue Report', 'give' ); ?></h2>

diff --git a/readme.txt b/readme.txt
@@ -5,7 +5,7 @@ Tags: donation, donate, recurring donations, fundraising, crowdfunding
 Requires at least: 6.5
 Tested up to: 6.7
 Requires PHP: 7.2
-Stable tag: 3.22.0
+Stable tag: 3.22.1
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -266,6 +266,9 @@ You can report security bugs through the Patchstack Vulnerability Disclosure Pro
 10. Use almost any payment gateway integration with GiveWP through our add-ons or by creating your own add-on.
 
 == Changelog ==
+= 3.22.1: March 7th, 2025 =
+* Security: Added a permission check to a GiveWP reporting request (CVE-2025-2025)
+
 = 3.22.0: February 26th, 2025 =
 * New: Added initial WPML and Polylang multilingual translation support to visual form builder forms that currently excludes custom fields
 * Fix: Resolved a validation issue with PayPal donations when using Akismet