Name of the Vulnerable Software and Affected Versions:

IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.0.0 through 2.1.9

Description:

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is susceptible to unauthorized data access due to a missing capability check within the `admin donor profile view()` function. This allows authenticated attackers with Subscriber-level access or higher to reveal an administrator’s username, email address, and all donor fields.

Recommendations:

Update to a version beyond 2.1.9.