exploitDog

GHSA-xxxg-8p58-2qqv

Опубликовано: 27 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

Ссылки

EPSS

Процентиль: 4%

0.00022

Низкий

5.4 Medium

CVSS3

CVE ID

Связанные уязвимости

CVE-2025-11154

CVSS3: 5.4

nvd

6 дней назад

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

EPSS

Процентиль: 4%

0.00022

Низкий

5.4 Medium

CVSS3

CVE ID