CVE-2025-11154

Alias:

Overview

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.

Critical

Low

Medium

No items found.

Severity / CVSS Score: (Critical)

CWE:

Discovery date: October 27, 2025

Authentication required: NoneYes

Attack Vector: None

CVE-2025-11154

Overview

Affected Components

Kodem Deep Dive

Stop the waste.
Protect your environment with Kodem.

CVE-2025-11154

Overview

Affected Components

Kodem Deep Dive

Stop the waste.Protect your environment with Kodem.

Stop the waste.
Protect your environment with Kodem.