CVE-2025-4523
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-12-05
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themeatelier | idonate | From 2.0.0 (inc) to 2.1.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the IDonate β Blood Donation, Request And Donor Management System WordPress plugin versions 2.0.0 to 2.1.9. It is caused by a missing capability check in the admin_donor_profile_view() function, which allows authenticated users with Subscriber-level access or higher to access sensitive administrator information such as username, email address, and all donor fields without proper authorization.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information including administrator usernames, email addresses, and donor data. This exposure could be exploited by attackers to compromise user privacy, conduct targeted attacks, or misuse donor information.