CVE-2025-11154

Medium CVSS: 5.4

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

Vendor

Themeatelier

Product

Idonate

CWE

CWE-352

Yayın Tarihi

2025-10-27 06:15:37

Güncelleme

2025-12-05 00:20:23

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-352 Idonate MEDIUM Themeatelier 2025

Referanslar

https://wpscan.com/vulnerability/fdb9e076-4c65-4fd1-b1f6-23c23a11bdb7/

Benzer Kayıtlar

Medium

CVE-2025-67583

Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Cont…

Medium

CVE-2025-12877

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized mod…

High

CVE-2025-4519

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escala…

Medium

CVE-2025-4522

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct…

Medium

CVE-2025-4523

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized acc…

Critical

CVE-2025-32519

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in…