"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 5
Critical: 0
High: 2
Medium: 3
Showing 1-5 of 5 records
Threat Entry Updated 2026-02-19

CVE-2025-4521 - Request And Donor Management System Plugin

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to hijack any account by reassigning its email address (via the donor_id they supply) and then triggering a password reset, ultimately granting themselves full administrator privileges.

PLUGIN Request And Donor Management System

CVE-2025-4521

HIGH CVSS 8.8 2026-02-19

Threat Entry Updated 2025-12-04

CVE-2025-12877 - Request And Donor Management System Plugin

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the panding_blood_request_action() function in all versions up to, and including, 2.1.15. This makes it possible for unauthenticated attackers to delete arbitrary posts.

PLUGIN Request And Donor Management System

CVE-2025-12877

MEDIUM CVSS 5.3 2025-11-22

Threat Entry Updated 2025-12-04

CVE-2025-4519 - Request And Donor Management System Plugin

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate a password reset for any user (including administrators) and elevate their privileges for full site takeover.

PLUGIN Request And Donor Management System

CVE-2025-4519

HIGH CVSS 8.8 2025-11-07

Threat Entry Updated 2025-12-04

CVE-2025-4522 - Request And Donor Management System Plugin

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and above, could delete arbitrary user accounts, including those of administrators.

PLUGIN Request And Donor Management System

CVE-2025-4522

MEDIUM CVSS 6.5 2025-11-07

Threat Entry Updated 2025-12-05

CVE-2025-4523 - Request And Donor Management System Plugin

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrator’s username, email address, and all donor fields.

PLUGIN Request And Donor Management System

CVE-2025-4523

MEDIUM CVSS 6.5 2025-08-01