What the vulnerability does
01Description
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through <= 2.1.11.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through <= 2.1.11.
Explanation of Vulnerability in Simple Terms
IDonatePro versions 2.1.11 and earlier lack proper authorization checks, allowing unauthenticated attackers to read sensitive data. An attacker can access the application over the network without credentials or user interaction. Site administrators should update to a version newer than 2.1.11 immediately.
What an attacker can do
Read sensitive data from the application without logging in.
Potential impact on your site
Confidential information may be exposed to anyone on the internet without needing a user account.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities