Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-11154

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

Published

2025-10-27T06:15:37.020

Last Modified

2025-12-05T00:20:23.643

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	themeatelier	idonate	< 2.1.13	Yes

References

https://wpscan.com/vulnerability/fdb9e076-4c65-4fd1-b1f6-23c23a11bdb7/ Exploit, Third Party Advisory ([email protected])