What the vulnerability does
Description
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through <= 2.1.9.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Explanation of Vulnerability in Simple Terms
IDonatePro versions 2.1.9 and earlier lack proper authorization checks, allowing unauthenticated attackers to modify data on the site. An attacker can send network requests without logging in to alter sensitive information. No authentication or user interaction is required to exploit this vulnerability.
What an attacker can do
Modify or alter data on the site without logging in.
Potential impact on your site
Unauthorized users can change site data, potentially affecting donations, user records, or plugin settings.
Conditions required to exploit
Network access to the site; no authentication required.