Idonate
Monthly
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.