CVE-2025-67259

Affects ClassroomIO v0.1.13. A Broken Access Control vulnerability allows an authenticated low-privilege student to access unauthorized course information by altering intercepted API requests. Specifically, changing a captured POST request to a GET against the /rest/v1/course PostgREST endpoint e...

CVE-2025-4523

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admindonorprofileview function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with...