CVE-2025-4522 IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the adminpostdonordelete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary userid parameter value to the wpdeleteuser function, authenticated...