CVE-2025-4519

Name of the Vulnerable Software and Affected Versions IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.1.5 through 2.1.9

Description The IDonate plugin for WordPress is susceptible to privilege escalation. Authenticated attackers with Subscriber-level access or higher can initiate a password reset for any user, including administrators, potentially leading to full site takeover. The issue stems from a missing capability check within the idonate donor password() function.

Recommendations Update to a version of the IDonate plugin newer than 2.1.9.