IDonate

ThemeAtelier

Developer

2.1.17

Latest version

100

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

1 present

5 fixed

4 Mitigation rules

Broken Access Control vulnerability
<= 2.1.15
Dec 7, 2025
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability
2.1.5-2.1.9
Nov 7, 2025
WordPress IDonate plugin 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function vulnerability
2.0.0-2.1.9
Nov 7, 2025
Unauthenticated User Deletion vulnerability
< 2.1.13
Oct 28, 2025
Local File Inclusion vulnerability
<= 2.1.17
Apr 9, 2025
Admin+ Stored XSS vulnerability
< 2.0.0
Mar 1, 2024