Unrated severityNVD Advisory· Published Oct 27, 2025· Updated Oct 27, 2025
IDonate < 2.1.13 - Unauthenticated User Deletion
CVE-2025-11154
Description
The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.1.13
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/fdb9e076-4c65-4fd1-b1f6-23c23a11bdb7/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.