Description
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
Published: 2026-01-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization flaw in the WP Attractive Donations System plugin allows an attacker who exploits improperly configured access controls to delete content without proper permissions. This weakness, identified as Missing Authorization (CWE-862), means that an attacker could remove any post, page, or donation entry, potentially disrupting the site’s data integrity and user experience.

Affected Systems

The vulnerability affects the loopus WordPress plugin WP Attractive Donations System – Easy Stripe & Paypal donations, versions from an unspecified starting point up to and including 1.25. The plugin is listed under the vendor loopus.

Risk and Exploitability

The CVSS score of 7.5 indicates a high impact severity, yet the EPSS score of less than 1% points to a low likelihood of exploitation in the wild, and the flaw is not currently listed in the CISA KEV catalog. Based on the description it is inferred that the attack vector would involve a user with compromised or misconfigured administrative privileges, or an attacker who has gained access to the WordPress admin area through other credentials. No public exploit code is documented, so the risk remains moderate to high depending on the security posture.

Generated by OpenCVE AI on May 1, 2026 at 05:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WP Attractive Donations System to the latest version (1.26 or newer) where the missing authorization flaw has been fixed.
  • If an update is unavailable, disable the plugin or restrict its access exclusively to trusted administrator accounts and verify that user roles have the correct capabilities to prevent unauthorized deletions.
  • After remediation, perform a backup of the WordPress database and check for any unintended deletions that may have occurred prior to patching.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 19:30:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Fri, 09 Jan 2026 13:30:00 +0000

Type: First Time appeared
Values Added: Loopus; Loopus wp Attractive Donations System; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Loopus; Loopus wp Attractive Donations System; Wordpress; Wordpress wordpress

Thu, 08 Jan 2026 18:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 08 Jan 2026 17:30:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


Thu, 08 Jan 2026 09:45:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.

Type: Title
Values Added: WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Arbitrary Content Deletion vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:05.830Z

Reserved: 2025-01-07T21:03:35.333Z

Link: CVE-2025-22715

Vulnrichment

Updated: 2026-01-08T14:59:19.738Z

NVD

Status: Deferred

Published: 2026-01-08T10:15:47.990

Modified: 2026-04-27T19:16:12.123

Link: CVE-2025-22715

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T06:00:13Z

Weaknesses