exploitDog

CVE-2025-4522

Опубликовано: 07 нояб. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and above could delete arbitrary user accounts, including those of administrators.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themeatelier:idonate:*:*:*:*:*:wordpress:*:*

Версия от 2.0.0 (включая) до 2.1.10 (исключая)

EPSS

Процентиль: 13%

0.00044

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-g482-6rxp-qvg7

CVSS3: 6.5

github

3 месяца назад

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and above could delete arbitrary user accounts, including those of administrators.

EPSS

Процентиль: 13%

0.00044

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862