cvebase

Themeatelier Idonate vulnerabilities

8 known vulnerabilities affecting themeatelier/idonate.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 5

Vulnerabilities

CVE-2025-4519 | P2 | HIGH | CVSS 8.8 | ≥ 2.1.5, < 2.1.10 | 2025-11-07
CVE-2025-4519 [HIGH] CWE-285: The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate a password reset for an
nvd
CVE-2025-32519 | P3 | CRITICAL | CVSS 9.8 | ≤ 2.1.16 | 2025-04-11
CVE-2025-32519 [CRITICAL] CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion. This issue affects IDonate: from n/a through <= 2.1.18.
nvd
CVE-2025-4523 | P3 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, < 2.1.10 | 2025-08-01
CVE-2025-4523 [MEDIUM] CWE-200: The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrat
nvd
CVE-2025-4522 | P3 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, < 2.1.10 | 2025-11-07
CVE-2025-4522 [MEDIUM] CWE-862: The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and abo
nvd
CVE-2024-3594 | P3 | HIGH | CVSS 8.7 | fixed in 2.0.0 | 2024-05-23
CVE-2024-3594 [HIGH] CWE-79: The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
nvd
CVE-2025-12877 | P4 | MEDIUM | CVSS 5.3 | fixed in 2.1.16 | 2025-11-22
CVE-2025-12877 [MEDIUM] CWE-862: The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the panding_blood_request_action() function in all versions up to, and including, 2.1.15. This makes it possible for unauthenticated attackers to delete arbitrary posts. CVE-20
nvd
CVE-2025-11154 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.1.13 | 2025-10-27
CVE-2025-11154 [MEDIUM] CWE-352: The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.
nvd
CVE-2025-67583 | P4 | MEDIUM | CVSS 5.3 | fixed in 2.1.16 | 2025-12-09
CVE-2025-67583 [MEDIUM] CWE-862: Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonate: from n/a through <= 2.1.15.
nvd