IDonate – Blood Donation, Request And Donor Management System

Vulnerabilities 9Slug idonateLatest version 2.1.18WordPress.org →

Minimum safe version

2.1.16

Update to 2.1.16 or later to address 8 fixable vulnerabilities

Latest available2.1.18 ✓⚠ 1 vulnerability has no fix

N/A

2025-11-06< 2.1.10

IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function

Wordfence CVE

N/A

2025-11-06< 2.1.10

IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function

Wordfence CVE

N/A

2026-02-18< 2.1.0

IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function

Wordfence CVE

Medium 5.3

2025-12-09< 2.1.16

CVE-2025-67583

CVE

Medium 5.3

2025-11-22< 2.1.16

CVE-2025-12877

CVE EUVD Wordfence

Medium 5.4

2025-10-28< 2.1.13

IDonate < 2.1.13 - Missing Authorization

Wordfence CVE

Medium 6.5

2025-08-01≥ 2.0.0 and < 2.1.10

IDonate 2.0.0 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via admin_donor_profile_view Function

EUVD Wordfence CVE

Critical 9.8 Unfixed

2025-04-11≤ 2.1.18

WordPress IDonate plugin <= 2.1.18 - Local File Inclusion vulnerability

CVE EUVD Patchstack Wordfence

High 8.7

2024-05-23< 2.0.0

CVE-2024-3594

CVE Wordfence Patchstack