IDonate WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the IDonate Word Donation, Request And Donor Management System plugin for WordPress, affecting versions 2.1.5 prior to 2.1.9. The vulnerability arises from a missing capability check in the idonate_donor_password() function, which allows authenticated attackers with Subscriber-level access and above to initiate a password reset for any user, including administrators. Exploitation could lead to a complete takeover of the affected user’s account.

Impact

Exploitation of this vulnerability allows for unauthorized password resets, enabling attackers to gain access to other users' accounts, including those of administrators. Such access could be used to take full control of the WordPress site.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends a request to the idonate_donor_password() function. Because the function performs neither a capability check nor nonce verification, the request is processed as-is, and the attacker can reset the password of any user, effectively taking over that account.
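The following is an added illustration of the missing-capability-check pattern described above and of the corresponding fix; it is constructed for this write-up and is not the IDonate plugin's code. The hook and function names are hypothetical, the WordPress API calls (check_ajax_referer, current_user_can, wp_set_password) are real.

```php
<?php
// Constructed example: not the IDonate plugin's code; hook and function names are hypothetical.

// Vulnerable pattern: any logged-in user can reach the handler and name an arbitrary target user.
add_action( 'wp_ajax_example_donor_password', 'example_donor_password_vulnerable' );
function example_donor_password_vulnerable() {
    $user_id  = absint( $_POST['user_id'] ?? 0 );
    $password = (string) ( $_POST['password'] ?? '' );
    // No nonce check, no capability check, no ownership check:
    // a Subscriber can reset an administrator's password.
    wp_set_password( $password, $user_id );
    wp_send_json_success();
}

// Hardened pattern: verify the nonce, verify the capability, and bind the action
// to the caller's own account unless they are allowed to edit the target user.
add_action( 'wp_ajax_example_donor_password_safe', 'example_donor_password_safe' );
function example_donor_password_safe() {
    // Reject requests that do not carry a nonce issued for this action (CSRF protection).
    check_ajax_referer( 'example_donor_password', 'nonce' );

    $current_id = get_current_user_id();
    $target_id  = absint( $_POST['user_id'] ?? $current_id );

    // Changing another account's password requires the 'edit_user' meta capability for that user,
    // which Subscribers do not hold. This is the check the vulnerable handler is missing.
    if ( $target_id !== $current_id && ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    $password = (string) ( $_POST['password'] ?? '' );
    if ( strlen( $password ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }

    wp_set_password( $password, $target_id );
    wp_send_json_success();
}
```

When auditing a plugin for this class of bug, look for every wp_ajax_ handler (and especially wp_ajax_nopriv_ handlers) that reaches a state-changing call such as wp_set_password() without a preceding check_ajax_referer() and current_user_can().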

Remediation

Users are advised to update the IDonate WordPress plugin to version 2.1.10 or later, where this vulnerability has been patched.

Added: Nov 7, 2025, 5:19 AM
Updated: Nov 7, 2025, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 5.0
exploitability: 6.4
remediation: 7.7
relevance: 1.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.