According to Wordfence:
https://www.wordfence.com/blog/2019/09/authentication-bypass-vulnerability-in-givewp-plugin/
Our Threat Intelligence team recently discovered an authentication bypass vulnerability in the GiveWP plugin installed on over 70,000 WordPress sites. The weakness allowed unauthenticated users to bypass API authentication methods and potentially access personally identifiable user information (PII) like names, addresses, IP addresses, and email addresses which should not be publicly accessible. This vulnerability exists in GiveWP versions 2.5.4 and earlier and we recommend immediate updating to version 2.5.5 or later.