Pi-hole Data Leak Caused by Vulnerability in WordPress Plugin

📟 News

Date: 05/08/2025

The developers of the popular ad blocker Pi-hole warned that the names and email addresses of everyone who donated to the project were exposed due to a bug in the GiveWP plugin for WordPress.

Pi-hole operates at the DNS level and sinkholes unwanted content before it reaches users’ devices. Initially, the tool was designed for Raspberry Pi single-board computers, but now it supports various Linux systems, both on dedicated hardware and virtual machines.

According to the developers, they learned about the issue on Monday, July 28, 2025, when users began complaining about suspicious emails being sent to addresses they used solely for Pi-hole donations.

It turns out that the data leak affected users who had ever donated funds to the project through a form on the Pi-hole website. Due to a vulnerability in the GiveWP plugin, which was used for fundraising, their personal data could be seen by anyone simply by viewing the source code of the page (without any authentication or special tools).
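The exposure described above, donor records embedded in the markup served to any anonymous visitor, is the kind of thing a site owner can check for before a third party does. The following audit script is an added example, not code from the article, from Pi-hole or from GiveWP; the sample page it scans is constructed and its inline `donorHistory` array is a hypothetical structure, not GiveWP's real output.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: a hypothetical donation form that embeds donor
# records in an inline script block. This is NOT GiveWP's real markup; it
# only reproduces the failure mode the article describes.
SAMPLE_PAGE = """<html><head><title>Donate</title></head><body>
<form id="donate"><input name="email" placeholder="you@example.com"></form>
<script type="text/javascript">
var donorHistory = [
  {"name": "Alice Example", "email": "alice@example.org", "amount": 5},
  {"name": "Bob Sample", "email": "bob.sample@example.net", "amount": 10}
];
</script>
<p>Questions? Contact support@example.com</p>
</body></html>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class EmailSourceScanner(HTMLParser):
    """Collect email-like strings and record where each one came from:
    visible text (expected), or inline script / tag attributes (where a
    plugin should never be emitting stored user data)."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.findings = []  # list of (context, email)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        for name, value in attrs:
            # Placeholder hints legitimately contain example addresses.
            if value and name != "placeholder":
                for email in EMAIL_RE.findall(value):
                    self.findings.append(("attribute", email))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        context = "inline-script" if self.in_script else "text"
        for email in EMAIL_RE.findall(data):
            self.findings.append((context, email))


def suspicious_emails(html):
    """Return the sorted set of addresses found outside visible text, i.e.
    inside script blocks or attributes. On a public donation page these are
    the findings an auditor should treat as probable leakage of stored data."""
    scanner = EmailSourceScanner()
    scanner.feed(html)
    return sorted({e for ctx, e in scanner.findings if ctx != "text"})
```

Running the scanner against the full HTML of each public page (as fetched without a session cookie) turns a one-off incident into a repeatable check; a non-empty result on a page that should only carry a blank form is the signal to investigate.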

Although Pi-hole did not specify the exact number of those affected, the data breach aggregator Have I Been Pwned has already added the incident to its database, indicating that the issue impacted nearly 30,000 people.

In their statement, the developers emphasized that users’ financial information (such as bank card data) was not compromised, as all payments were processed directly through Stripe and PayPal. It was also clarified that the leak does not affect the Pi-hole tool itself.

“In the donation form, we explicitly state that users are not required to provide even their real name or email. These details are solely for users to manage their donations later,” the developers’ statement reads. “It is important to note: the Pi-hole product is not affected by this incident. Users who have it installed do not need to take any action.”

Although the creators of GiveWP released a patch a few hours after the information about the bug was posted on GitHub, Pi-hole criticized the plugin developers for notifying users about the issue only after 17.5 hours and for not taking the potential consequences of this vulnerability “seriously enough.”

“We take full responsibility for the software we use. We trusted a widely used plugin, and that trust was compromised,” conclude the authors of Pi-hole.
