Description
Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through <= 2.1.15.
Published: 2025-12-09
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE identifies a missing authorization flaw in the Foysal Imran IDonate WordPress plugin, allowing attackers to exploit incorrectly configured access control security levels. This weakness can let unauthorized users elevate privileges, potentially accessing or modifying content, settings, or data that should be restricted to authenticated or privileged users.

Affected Systems

Systems running the WordPress IDonate plugin version 2.1.15 or earlier are affected. The vendor product is the IDonate plugin by Foysal Imran, and the issue is applicable to all installations using the plugin with this or older versions.

Risk and Exploitability

The vulnerability has a CVSS score of 5.3, indicating moderate severity. The EPSS score is less than 1%, suggesting a low probability of widespread exploitation at this time. It is not listed in the CISA KEV catalog. The likely attack vector is via web requests to the plugin’s administrative endpoints, where the missing authorization check allows privilege escalation. Given the moderate score and low exploitation probability, the risk to a mitigated environment is moderate but still warrants timely action.

Generated by OpenCVE AI on April 29, 2026 at 19:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the IDonate plugin to a version newer than 2.1.15 to eliminate the known missing authorization flaw.
  • Restrict administrative access to the plugin by configuring WordPress roles so that only trusted users have capability to perform privileged actions.
  • Audit and remove any legacy or unused plugin files that may retain the vulnerable code path.

Generated by OpenCVE AI on April 29, 2026 at 19:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in ThemeAtelier IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through <= 2.1.15. Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through <= 2.1.15.

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Fri, 12 Dec 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 12 Dec 2025 12:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:themeatelier:idonate:*:*:*:*:*:wordpress:*:*

Wed, 10 Dec 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Themeatelier
Themeatelier idonate
Wordpress
Wordpress wordpress
Vendors & Products Themeatelier
Themeatelier idonate
Wordpress
Wordpress wordpress

Tue, 09 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Dec 2025 14:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in ThemeAtelier IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through <= 2.1.15.
Title WordPress IDonate plugin <= 2.1.15 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Themeatelier Idonate
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:21.939Z

Reserved: 2025-12-09T12:21:34.121Z

Link: CVE-2025-67583

cve-icon Vulnrichment

Updated: 2025-12-09T20:37:45.509Z

cve-icon NVD

Status : Modified

Published: 2025-12-09T16:18:36.120

Modified: 2026-04-27T18:16:44.703

Link: CVE-2025-67583

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T19:45:18Z

Weaknesses