Themeatelier Idonate
8 CVEs affecting Themeatelier Idonate. Latest disclosed: 2025-12-09. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-4519 | High | 8.8 | 2025-11-07 | The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check… |
CVE-2024-3594 | High | 8.7 | 2024-05-23 | The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform… |
CVE-2025-32519 | High | 8.1 | 2025-04-11 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PH… |
CVE-2025-4522 | Medium | 6.5 | 2025-11-07 | The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_don… |
CVE-2025-4523 | Medium | 6.5 | 2025-08-01 | The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability… |
CVE-2025-11154 | Medium | 5.4 | 2025-10-27 | The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers… |
CVE-2025-67583 | Medium | 5.3 | 2025-12-09 | Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… |
CVE-2025-12877 | Medium | 5.3 | 2025-11-22 | The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capa… |