Medium severity5.3NVD Advisory· Published Nov 22, 2025· Updated Apr 8, 2026

CVE-2025-12877

Description

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the panding_blood_request_action() function in all versions up to, and including, 2.1.15. This makes it possible for unauthenticated attackers to delete arbitrary posts. CVE-2025-67583 is likely a duplicate of this.

Affected products

Themeatelier/Idonate
cpe:2.3:a:themeatelier:idonate:*:*:*:*:*:wordpress:*:*
Range: <2.1.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3398056/idonate/trunk/src/Helpers/IDonateAjaxHandler.phpnvdPatch
plugins.trac.wordpress.org/changeset/3400306/idonate/trunk/src/Helpers/IDonateAjaxHandler.phpnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/96bd997f-63d5-47a7-b433-486c1113b44bnvdPatchThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000