Medium severity5.3NVD Advisory· Published Oct 15, 2025· Updated Apr 15, 2026
CVE-2025-10186
CVE-2025-10186
Description
The WhyDonate – FREE Donate button – Crowdfunding – Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the remove_row function in all versions up to, and including, 4.0.15. This makes it possible for unauthenticated attackers to delete rows from the wp_wdplugin_style table.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=4.0.15
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.