CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4519

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate a password reset for any user (including administrators) and elevate their privileges for full site takeover.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.4%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2025-4519

Themeatelier » Idonate » Version: 2.1.5

cpe:2.3:a:themeatelier:idonate:2.1.5
Themeatelier » Idonate » Version: 2.1.6

cpe:2.3:a:themeatelier:idonate:2.1.6
Themeatelier » Idonate » Version: 2.1.7

cpe:2.3:a:themeatelier:idonate:2.1.7
Themeatelier » Idonate » Version: 2.1.8

cpe:2.3:a:themeatelier:idonate:2.1.8
Themeatelier » Idonate » Version: 2.1.9

cpe:2.3:a:themeatelier:idonate:2.1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4519

Products

Pricing

Contact Us