CVE-2025-4519 - IDonate 2.1.5 - 2.1.9 - Missing Authorization t...

{ "Source": "CVE FEED", "Title": "CVE-2025-4519 - IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function", "Content": "CVE ID : CVE-2025-4519 Published : Nov. 7, 2025, 4:28 a.m. | 21 minutes ago Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate a password reset for any user (including administrators) and elevate their privileges for full site takeover. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...", "Detection Date": "07 Nov 2025", "Type": "Vulnerability"}🔹 t.me/cvedetector 🔹