Idonate

4 CVEs product


CVE-2025-67583 MEDIUM This Month

Missing authorization controls in the IDonate WordPress plugin through version 2.1.15 allow unauthenticated remote attackers to access sensitive information due to incorrectly configured access control security levels. The vulnerability has a low EPSS score (0.04%, 13th percentile), and no public exploit code or active exploitation is documented, indicating limited real-world attack incentive despite the network-accessible attack surface.

Tags: Information Disclosure, Idonate
NVD | CVSS 3.1: 5.3 | EPSS: 0.0%

CVE-2025-4522 MEDIUM PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Tags: WordPress, Authentication Bypass, Idonate, PHP
NVD | CVSS 3.1: 6.5 | EPSS: 0.1%

CVE-2025-4519 HIGH PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable with low attack complexity.

Tags: WordPress, Authentication Bypass, Privilege Escalation, Idonate, PHP
NVD | CVSS 3.1: 8.8 | EPSS: 0.1%

CVE-2025-4523 MEDIUM PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tags: Authentication Bypass, WordPress, Information Disclosure, Idonate, PHP
NVD | CVSS 3.1: 6.5 | EPSS: 0.1%