Pi-hole discloses data breach triggered by WordPress plugin flaw www.bleepingcomputer.com/news/secu…
Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. Pi-hole acts as a DNS sinkhole, filtering out unwanted content before it reaches users' devices. While initially designed to run on Raspberry Pi single-board computers, it now supports various Linux systems on dedicated hardware or virtual machines.
The organization stated that they first learned of the incident on Monday, July 28, after donors began reporting that they were receiving suspicious emails at addresses used exclusively for donations. As explained in a Friday post-mortem, the breach affected users who donated through the Pi-hole website’s donation form to support development, exposing personal information that was visible to anyone who viewed the webpage’s source code due to a GiveWP security flaw.