Themeatelier

Idonate

9 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.05%
  • Published 19.02.2026 04:36:11
  • Last modified 19.02.2026 15:53:02

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. This makes it possible ...

  • EPSS 0.04%
  • Published 09.12.2025 14:14:15
  • Last modified 20.01.2026 15:19:26

Missing Authorization vulnerability in ThemeAtelier IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonate: from n/a through <= 2.1.15.

  • EPSS 0.09%
  • Published 22.11.2025 07:29:20
  • Last modified 04.12.2025 15:40:39

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the panding_blood_request_action() function in all versions up to, and incl...

  • EPSS 0.06%
  • Published 07.11.2025 04:28:54
  • Last modified 04.12.2025 21:20:16

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible...

  • EPSS 0.04%
  • Published 07.11.2025 04:28:54
  • Last modified 04.12.2025 21:26:25

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id paramete...

Exploit
  • EPSS 0.04%
  • Published 27.10.2025 06:15:37
  • Last modified 05.12.2025 00:20:23

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF checks when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

  • EPSS 0.06%
  • Published 01.08.2025 04:24:29
  • Last modified 05.12.2025 20:09:34

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it...

  • EPSS 0.55%
  • Published 11.04.2025 08:42:52
  • Last modified 08.12.2025 14:24:51

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonate allows PHP Local File Inclusion. This issue affects IDonate: from n/a through 2.1.8.

Exploit
  • EPSS 1.3%
  • Published 23.05.2024 06:15:10
  • Last modified 21.05.2025 19:03:07

The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...