📦 Idonate

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to reset passwords for any user account, including administrators. Attackers can exploit this to gain adm...

The IDonate WordPress plugin through version 1.9.0 contains a stored cross-site scripting (XSS) vulnerability in its settings. This allows authenticated administrators to inject malicious scripts that...

This CVE describes a Missing Authorization vulnerability in the ThemeAtelier IDonate WordPress plugin that allows attackers to bypass access controls. It affects all versions up to and including 2.1.1...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete arbitrary user accounts, including administrators, by exploiting an Insecure Direct Object Refe...

The IDonate WordPress plugin before version 2.1.13 lacks proper authorization and CSRF protection in its user deletion functionality, allowing unauthenticated attackers to delete arbitrary user accoun...