Lucene search
+L
ThemeatelierIdonate

8 matches found

CVE
CVE
added 2024/05/23 6:0 a.m.5694 views

CVE-2024-3594

The CVE CVE-2024-3594 concerns the IDonate WordPress plugin (≤ 1.9.0). It states that certain settings are not sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Root cause: incomplete sanitization/escaping...

8.7CVSS5.6AI score0.00518EPSS
Web
CVE
CVE
added 2025/04/11 8:42 a.m.51 views

CVE-2025-32519

CVE-2025-32519 corresponds to a PHP Remote File Inclusion/Local File Inclusion issue in the WordPress plugin IDonate (Blood Donation, Request And Donor Management System). The vulnerability arises from improper control of the filename used in include/require statements , enabling unauthenticated ...

9.8CVSS7.2AI score0.0086EPSS
CVE
CVE
added 2025/08/01 4:24 a.m.31 views

CVE-2025-4523

CVE-2025-4523 affects the WordPress plugin “IDonate – Blood Donation, Request And Donor Management System”. The vulnerability arises from a missing capability check in the admin_donor_profile_view() function, making it possible for authenticated users with Subscriber-level access and above to exp...

6.5CVSS6.8AI score0.00303EPSS
CVE
CVE
added 2025/11/07 4:28 a.m.27 views

CVE-2025-4519

CVE-2025-4519 (IDonate WordPress plugin) is a privilege-escalation vulnerability affecting IDonate versions 2.1.5–2.1.9, caused by a missing capability check in the idonate_donor_password() function. The issue allows authenticated users with Subscriber level access and above to initiate a passwor...

8.8CVSS5.2AI score0.00332EPSS
CVE
CVE
added 2025/11/07 4:28 a.m.25 views

CVE-2025-4522

The WordPress IDonate plugin (IDonate) is affected by an Insecure Direct Object Reference in versions 2.0.0–2.1.9. The root cause is improper access control in the admin_post_donor_delete flow, which allows an authenticated user (Subscriber+ privilege) to craft a user_id value passed to wp_delete...

6.5CVSS6.2AI score0.00249EPSS
CVE
CVE
added 2025/10/27 6:0 a.m.21 views

CVE-2025-11154

CVE-2025-11154 affects IDonate for WordPress, vulnerable in versions prior to 2.1.13 due to missing authorization and CSRF protection when deleting users via an action handler. This unauthenticated flow allows an attacker to delete arbitrary users. Reported across multiple sources (Wordfence, Pat...

5.4CVSS6.6AI score0.0013EPSS
CVE
CVE
added 2025/11/22 7:29 a.m.20 views

CVE-2025-12877

Proven vulnerability CVE-2025-12877 affects the WordPress plugin IDonate – Blood Donation, Request And Donor Management System, with all versions up to and including 2.1.15 susceptible to unauthorized modification of data due to a missing capability check in pending_blood_request_action(). This e...

5.3CVSS6AI score0.00241EPSS
CVE
CVE
added 2025/12/09 2:14 p.m.15 views

CVE-2025-67583

CVE-2025-67583 concerns the WordPress IDonate plugin (ThemeAtelier IDonate) with a broken access control issue up to version 2.1.15. The vulnerability is described as a Missing Authorization vulnerability arising from incorrectly configured access control security levels in IDonate. Affected soft...

5.3CVSS5.9AI score0.00183EPSS