CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4522

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and above could delete arbitrary user accounts, including those of administrators.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.5%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2025-4522

Themeatelier » Idonate » Version: 2.0.0

cpe:2.3:a:themeatelier:idonate:2.0.0
Themeatelier » Idonate » Version: 2.0.1

cpe:2.3:a:themeatelier:idonate:2.0.1
Themeatelier » Idonate » Version: 2.0.2

cpe:2.3:a:themeatelier:idonate:2.0.2
Themeatelier » Idonate » Version: 2.0.3

cpe:2.3:a:themeatelier:idonate:2.0.3
Themeatelier » Idonate » Version: 2.1.0

cpe:2.3:a:themeatelier:idonate:2.1.0
Themeatelier » Idonate » Version: 2.1.1

cpe:2.3:a:themeatelier:idonate:2.1.1
Themeatelier » Idonate » Version: 2.1.2

cpe:2.3:a:themeatelier:idonate:2.1.2
Themeatelier » Idonate » Version: 2.1.3

cpe:2.3:a:themeatelier:idonate:2.1.3
Themeatelier » Idonate » Version: 2.1.4

cpe:2.3:a:themeatelier:idonate:2.1.4
Themeatelier » Idonate » Version: 2.1.5

cpe:2.3:a:themeatelier:idonate:2.1.5
Themeatelier » Idonate » Version: 2.1.6

cpe:2.3:a:themeatelier:idonate:2.1.6
Themeatelier » Idonate » Version: 2.1.7

cpe:2.3:a:themeatelier:idonate:2.1.7
Themeatelier » Idonate » Version: 2.1.8

cpe:2.3:a:themeatelier:idonate:2.1.8
Themeatelier » Idonate » Version: 2.1.9

cpe:2.3:a:themeatelier:idonate:2.1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4522

Products

Pricing

Contact Us