WhyDonate WordPress Plugin Data Deletion Vulnerability

Vulnerability

A vulnerability in the WhyDonate WordPress plugin, specifically in versions through 4.0.14, allows unauthenticated users to delete rows from the wp_wdplugin_style table. This issue arises from a missing capability check in the remove_row function, leading to unauthorized data removal.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of data from the wp_wdplugin_style table.

Added: Oct 15, 2025, 9:48 AM

Updated: Oct 15, 2025, 9:48 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WhyDonate WordPress Plugin Data Deletion Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating