exploitDog

GHSA-xxxg-8p58-2qqv

Опубликовано: 27 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

Ссылки

EPSS

Процентиль: 7%

0.00028

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2025-11154

CVSS3: 5.4

nvd

около 2 месяцев назад

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

EPSS

Процентиль: 7%

0.00028

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352