Although GiveWP released a patch within hours of the vulnerability being reported on GitHub, Pi-hole criticized the plugin developer’s response, citing a 17.5-hour delay before notifying users and what it described as insufficient acknowledgment of the security flaw’s potential impact on donor names and email addresses.

Maybe, don’t depend so much on 3rd party plugins specially when handling sensitive data like names and email addresses.