48 matches found
CVE-2025-4521
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonatedonorprofile function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-4521
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonatedonorprofile function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-4521
The IDonate WordPress plugin (versions 2.1.5–2.1.9) is affected by a Privilege Escalation due to a missing capability check in idonate_donor_profile(). An attacker with Subscriber-level access or higher can hijack any account by reassigning its email via the donor_id and triggering a password res...
CVE-2025-4521 IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonatedonorprofile function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level...
PT-2026-20624
Name of the Vulnerable Software and Affected Versions IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.1.5 through 2.1.9 Description The IDonate plugin for WordPress has a flaw that allows unauthorized privilege escalation. Attackers with...
WordPress plugin IDonate 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress IDonate plugin 2.0.0 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via admin_donor_profile_view Function vulnerability
WordPress IDonate plugin 2.0.0 - 2.1.9 - Missing Authorization to Authenticated Subscriber+ Sensitive Information Disclosure via admindonorprofileview Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.0.0-2.1.9...
WordPress IDonate - Blood Donation, Request And Donor Management System plugin <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability
WordPress IDonate - Blood Donation, Request And Donor Management System plugin = 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Varakorn Chanthasri iCreaM in WordPress Plugin IDonate versions = 2.1.14...
CVE-2025-67583
CVE-2025-67583 concerns the WordPress IDonate plugin (ThemeAtelier IDonate) with a broken access control issue up to version 2.1.15. The vulnerability is described as a Missing Authorization vulnerability arising from incorrectly configured access control security levels in IDonate. Affected soft...
CVE-2025-67583 WordPress IDonate plugin <= 2.1.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through = 2.1.15...
CVE-2025-12877
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the pandingbloodrequestaction function in all versions up to, and including, 2.1.15. This makes it possible for...
CVE-2025-12877
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the pandingbloodrequestaction function in all versions up to, and including, 2.1.15. This makes it possible for...
CVE-2025-12877
Proven vulnerability CVE-2025-12877 affects the WordPress plugin IDonate – Blood Donation, Request And Donor Management System, with all versions up to and including 2.1.15 susceptible to unauthorized modification of data due to a missing capability check in pending_blood_request_action(). This e...
CVE-2025-12877 IDonate – Blood Donation, Request And Donor Management System <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the pandingbloodrequestaction function in all versions up to, and including, 2.1.15. This makes it possible for...
CVE-2025-12877 IDonate – Blood Donation, Request And Donor Management System <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the pandingbloodrequestaction function in all versions up to, and including, 2.1.15. This makes it possible for...
WordPress plugin IDonate – Blood Donation, Request And Donor Management System 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-4522
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the adminpostdonordelete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary userid parameter value to the wpdeleteuser function, authenticated...
CVE-2025-4519
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonatedonorpassword function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-4522
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the adminpostdonordelete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary userid parameter value to the wpdeleteuser function, authenticated...
CVE-2025-4522 IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the adminpostdonordelete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary userid parameter value to the wpdeleteuser function, authenticated...