CVE-2025-4519
BaseFortify
Publication date: 2025-11-07
Last updated on: 2025-12-04
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themeatelier | idonate | From 2.1.5 (inc) to 2.1.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the IDonate β Blood Donation, Request And Donor Management System WordPress plugin versions 2.1.5 to 2.1.9. It is a privilege escalation issue caused by a missing capability check in the idonate_donor_password() function. This flaw allows authenticated users with Subscriber-level access or higher to reset the password of any user, including administrators, thereby potentially taking over the entire site.
How can this vulnerability impact me? :
An attacker with at least Subscriber-level access can exploit this vulnerability to reset passwords of any user, including administrators. This can lead to full site takeover, resulting in unauthorized access, data compromise, and potential control over the website and its content.