CVE-2025-4521

Name of the Vulnerable Software and Affected Versions IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.1.5 through 2.1.9

Description The IDonate plugin for WordPress has a flaw that allows unauthorized privilege escalation. Attackers with Subscriber-level access or higher can exploit a missing capability check in the idonate donor profile() function. This allows them to hijack accounts by changing the associated email address and initiating a password reset, potentially gaining full administrator privileges.

Recommendations Update to a version of the IDonate plugin that addresses this issue.