Every CVE whose affected-product data names Themeatelier Idonate, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-4519 — CVSS 8.8 (high): The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a…
CVE-2024-3594 — CVSS 8.7 (high): The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such…
CVE-2025-32519 — CVSS 8.1 (high): Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran…
CVE-2025-4522 — CVSS 6.5 (medium): The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference…
CVE-2025-4523 — CVSS 6.5 (medium): The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due…
CVE-2025-11154 — CVSS 5.4 (medium): The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing…
CVE-2025-12877 — CVSS 5.3 (medium): The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data…
CVE-2025-67583 — CVSS 5.3 (medium): Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security…