8 matches found
CVE-2024-3594
The CVE CVE-2024-3594 concerns the IDonate WordPress plugin (≤ 1.9.0). It states that certain settings are not sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Root cause: incomplete sanitization/escaping...
CVE-2025-32519
CVE-2025-32519 corresponds to a PHP Remote File Inclusion/Local File Inclusion issue in the WordPress plugin IDonate (Blood Donation, Request And Donor Management System). The vulnerability arises from improper control of the filename used in include/require statements , enabling unauthenticated ...
CVE-2025-4523
CVE-2025-4523 affects the WordPress plugin “IDonate – Blood Donation, Request And Donor Management System”. The vulnerability arises from a missing capability check in the admin_donor_profile_view() function, making it possible for authenticated users with Subscriber-level access and above to exp...
CVE-2025-4519
CVE-2025-4519 (IDonate WordPress plugin) is a privilege-escalation vulnerability affecting IDonate versions 2.1.5–2.1.9, caused by a missing capability check in the idonate_donor_password() function. The issue allows authenticated users with Subscriber level access and above to initiate a passwor...
CVE-2025-4522
The WordPress IDonate plugin (IDonate) is affected by an Insecure Direct Object Reference in versions 2.0.0–2.1.9. The root cause is improper access control in the admin_post_donor_delete flow, which allows an authenticated user (Subscriber+ privilege) to craft a user_id value passed to wp_delete...
CVE-2025-11154
CVE-2025-11154 affects IDonate for WordPress, vulnerable in versions prior to 2.1.13 due to missing authorization and CSRF protection when deleting users via an action handler. This unauthenticated flow allows an attacker to delete arbitrary users. Reported across multiple sources (Wordfence, Pat...
CVE-2025-12877
Proven vulnerability CVE-2025-12877 affects the WordPress plugin IDonate – Blood Donation, Request And Donor Management System, with all versions up to and including 2.1.15 susceptible to unauthorized modification of data due to a missing capability check in pending_blood_request_action(). This e...
CVE-2025-67583
CVE-2025-67583 concerns the WordPress IDonate plugin (ThemeAtelier IDonate) with a broken access control issue up to version 2.1.15. The vulnerability is described as a Missing Authorization vulnerability arising from incorrectly configured access control security levels in IDonate. Affected soft...