IDonate WordPress Plugin Data Exposure Vulnerability

A vulnerability in the IDonate Word Donation, Request And Donor Management System plugin for WordPress, specifically in versions 2.0.0 prior to 2.1.9, allows for unauthorized access to sensitive data. This issue arises from a missing capability check in the admin_donor_profile_view() function, which enables authenticated attackers with Subscriber-level access and above to retrieve an administrator's username, email address, and all donor-related fields.

Impact

Exploitation of this vulnerability leads to the unauthorized disclosure of sensitive user information, including usernames, email addresses, and donor details.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the WordPress site's admin-ajax.php endpoint, targeting the 'wp_ajax_admin_donor_profile_view' action. This request must include the ID of the user whose profile information is being requested. The absence of proper authorization checks allows the requester to receive a response containing the targeted user's data, including sensitive information such as email and donor details.

Remediation

Users are advised to update the IDonate WordPress plugin to version 2.1.10 or later, where this vulnerability has been patched.