CVE-2025-4522: CWE-862 Missing Authorization in themeatelier IDonate – Blood Donation, Request And Donor Management System
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers with Subscriber-level access and above could delete arbitrary user accounts, including those of administrators.
AI Analysis
Technical Summary
CVE-2025-4522 is a vulnerability classified under CWE-862 (Missing Authorization) affecting the IDonate – Blood Donation, Request And Donor Management System plugin for WordPress, specifically versions 2.0.0 through 2.1.9. The flaw exists in the admin_post_donor_delete() function, which handles user deletion requests. This function fails to properly verify that the authenticated user has the necessary permissions to delete arbitrary user accounts. As a result, an attacker with only Subscriber-level privileges or higher can supply an arbitrary user_id parameter to the wp_delete_user() function, causing the deletion of any user account, including administrators. This represents an Insecure Direct Object Reference (IDOR) vulnerability, where direct access to internal objects (user accounts) is not properly authorized. The vulnerability has a CVSS 3.1 base score of 6.5 (medium severity), with an attack vector of network, low attack complexity, requiring privileges (authenticated user), no user interaction, and impacts integrity but not confidentiality or availability. The absence of known exploits in the wild suggests limited current exploitation, but the potential for privilege escalation and disruption of administrative control is significant. The plugin is used in managing blood donation and donor requests, making it critical in healthcare-related WordPress sites. The vulnerability could allow attackers to disrupt operations by deleting key user accounts, potentially locking out legitimate administrators and compromising system integrity.
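As an added illustration (this page does not show the plugin's code, and the snippet below is not it), here is the missing-authorization pattern the summary describes, placed beside a hardened version of the same handler. It assumes admin_post_donor_delete() is the callback registered on WordPress's admin_post_{$action} hook with $action = 'donor_delete'; the idonate_example_* function names, the text domain and the admin page slugs are hypothetical. Only current_user_can(), absint(), check_admin_referer(), get_userdata(), user_can(), wp_delete_user(), wp_die(), wp_safe_redirect(), admin_url() and wp_nonce_url() are real WordPress core APIs.

```php
<?php
// Added illustration, not the IDonate plugin's code. Shows the authorization
// gap described above next to a hardened version of the same handler.
// Assumption: admin_post_donor_delete() is the callback for WordPress's
// admin_post_{$action} hook with $action = 'donor_delete'. That hook fires for
// any logged-in user, which is why a Subscriber can reach it at all.

// --- Vulnerable pattern (hypothetical reconstruction of the described flaw) ---
function idonate_example_vulnerable_donor_delete() {
    require_once ABSPATH . 'wp-admin/includes/user.php';
    $user_id = (int) $_GET['user_id'];   // attacker-controlled object reference
    wp_delete_user( $user_id );          // no capability check, no nonce, no target check
    wp_safe_redirect( admin_url( 'admin.php?page=idonate-donors' ) );
    exit;
}

// --- Hardened handler ---
function idonate_example_secure_donor_delete() {
    require_once ABSPATH . 'wp-admin/includes/user.php';

    // 1. Authorization: the caller must hold the WordPress capability that
    //    governs this object type. Subscribers do not have delete_users.
    if ( ! current_user_can( 'delete_users' ) ) {
        wp_die( esc_html__( 'You are not allowed to delete donor accounts.', 'idonate-example' ), 403 );
    }

    // 2. Validate the object reference before using it.
    $user_id = isset( $_GET['user_id'] ) ? absint( $_GET['user_id'] ) : 0;
    if ( 0 === $user_id || get_current_user_id() === $user_id ) {
        wp_die( esc_html__( 'Invalid donor id.', 'idonate-example' ), 400 );
    }

    // 3. CSRF protection: the nonce is bound to the specific id being deleted,
    //    so a nonce issued for one donor cannot be replayed against another.
    check_admin_referer( 'idonate_example_delete_donor_' . $user_id );

    // 4. Object-level check: a donor-management screen should never be the
    //    path by which a privileged account is removed, whoever the caller is.
    $target = get_userdata( $user_id );
    if ( ! $target || user_can( $target, 'manage_options' ) ) {
        wp_die( esc_html__( 'This account cannot be deleted from the donor screen.', 'idonate-example' ), 403 );
    }

    wp_delete_user( $user_id );
    wp_safe_redirect( admin_url( 'admin.php?page=idonate-donors&deleted=1' ) );
    exit;
}

add_action( 'admin_post_donor_delete', 'idonate_example_secure_donor_delete' );

// The matching link must carry the per-id nonce, otherwise step 3 rejects it.
function idonate_example_delete_link( $user_id ) {
    $url = admin_url( 'admin-post.php?action=donor_delete&user_id=' . absint( $user_id ) );
    return wp_nonce_url( $url, 'idonate_example_delete_donor_' . absint( $user_id ) );
}
```

The capability check in step 1 is the fix for CWE-862 itself; steps 2 to 4 close the IDOR side of the issue by validating the reference, binding the nonce to it, and refusing targets the screen was never meant to manage. Note that a nonce alone is not authorization: a Subscriber can obtain a valid nonce for any action the plugin renders for them, so check_admin_referer() without current_user_can() would leave the flaw in place.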
Potential Impact
For European organizations, particularly those in the healthcare sector using the IDonate plugin, this vulnerability poses a risk of unauthorized deletion of user accounts, including administrators. This can lead to loss of administrative control, disruption of blood donation management operations, and potential denial of service to legitimate users. The integrity of user data and system management is compromised, which could affect patient and donor data handling indirectly by disabling or disrupting system administration. Given the critical nature of healthcare services and the increasing reliance on digital platforms in Europe, such disruptions could have operational and reputational consequences. Furthermore, unauthorized account deletions could be leveraged as part of a broader attack chain to escalate privileges or cause persistent denial of service. The medium severity rating reflects the need for timely remediation to prevent exploitation. Organizations with limited IT security resources or those slow to apply updates are particularly vulnerable. The impact is heightened in countries with high adoption of WordPress in healthcare and blood donation services, where such plugins are more likely to be deployed.
Mitigation Recommendations
1. Apply patches or updates from the plugin vendor as soon as they become available to fix the authorization flaw.
2. If patches are not yet available, restrict access to the plugin's administrative functions by limiting Subscriber-level and other low-privilege user capabilities using WordPress role management plugins or custom code.
3. Implement Web Application Firewall (WAF) rules to detect and block suspicious requests attempting to invoke the admin_post_donor_delete() function with arbitrary user_id parameters.
4. Monitor WordPress logs and audit trails for unusual user deletion activities, especially those initiated by low-privilege accounts.
5. Conduct regular reviews of user accounts and permissions to quickly detect unauthorized deletions or changes.
6. Consider temporarily disabling or replacing the plugin if it is not essential or if a patch is not available, to reduce exposure.
7. Educate administrators and users about the risk and encourage strong authentication practices to reduce the risk of compromised accounts being used to exploit this vulnerability.
8. Employ network segmentation and least privilege principles to limit the impact of any successful exploitation within the IT environment.
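WordPress does not log user deletions by default, so recommendation 4 needs something to produce the audit trail. The following is an added example, not part of this advisory or of the IDonate plugin: a small mu-plugin that hooks WordPress core's delete_user action (which since WordPress 5.5 receives the id, the reassign target and the WP_User object) and emits one JSON line per deletion, flagging the two signatures this CVE would produce. The idonate_example_* names are hypothetical; the 'action=donor_delete' match assumes the vulnerable function is bound to the admin_post_{$action} hook with that action name.

```php
<?php
// Added example, not the advisory's or the plugin's code: an audit hook for
// user deletions (mitigation step 4). Drop it into wp-content/mu-plugins/ so it
// loads before regular plugins. Real WordPress APIs used: delete_user action,
// wp_get_current_user(), user_can(), wp_json_encode(). Everything prefixed
// idonate_example_ is hypothetical.

add_action( 'delete_user', 'idonate_example_audit_user_deletion', 10, 3 );

/**
 * Runs immediately before WordPress deletes a user. Records who is deleting
 * whom and flags deletions where the acting account lacks delete_users, which
 * is exactly the footprint of an authorization bypass like CVE-2025-4522.
 *
 * @param int          $id       ID of the user about to be deleted.
 * @param int|null     $reassign ID of the user content is reassigned to, or null.
 * @param WP_User|null $user     The user object (passed by core since WP 5.5).
 */
function idonate_example_audit_user_deletion( $id, $reassign, $user = null ) {
    $actor   = wp_get_current_user();
    $request = isset( $_SERVER['REQUEST_URI'] ) ? (string) $_SERVER['REQUEST_URI'] : '';

    $event = array(
        'event'        => 'wp_user_delete',
        'time'         => gmdate( 'c' ),
        'actor_id'     => (int) $actor->ID,
        'actor_login'  => $actor->user_login,
        'actor_roles'  => array_values( (array) $actor->roles ),
        'target_id'    => (int) $id,
        'target_login' => $user ? $user->user_login : null,
        'target_roles' => $user ? array_values( (array) $user->roles ) : array(),
        'reassign_to'  => $reassign,
        'request'      => $request,
        'remote_addr'  => isset( $_SERVER['REMOTE_ADDR'] ) ? (string) $_SERVER['REMOTE_ADDR'] : '',
        'suspicious'   => false,
        'reason'       => '',
    );

    // Signature 1: the deleting account is one WordPress itself would not
    // allow to delete users (Subscriber, Contributor, ... or no session).
    if ( 0 === $actor->ID || ! user_can( $actor, 'delete_users' ) ) {
        $event['suspicious'] = true;
        $event['reason']     = 'actor lacks delete_users capability';
    }
    // Signature 2: an administrator is being removed through the plugin's
    // admin-post route rather than the core Users screen.
    elseif ( $user && user_can( $user, 'manage_options' )
             && false !== strpos( $request, 'action=donor_delete' ) ) {
        $event['suspicious'] = true;
        $event['reason']     = 'administrator removed via donor_delete route';
    }

    // One JSON line per event; the IDONATE_AUDIT prefix makes it easy to route
    // from the PHP error log into a SIEM.
    error_log( 'IDONATE_AUDIT ' . wp_json_encode( $event ) );

    if ( $event['suspicious'] ) {
        // Hypothetical hook so a notifier or forwarder can subscribe without
        // editing this file.
        do_action( 'idonate_example_suspicious_user_delete', $event );
    }
}
```

Because the hook fires before the row is removed, the target's login and roles are still available for the record, which matters when the account being deleted is the only administrator. The hook also covers deletions from the core Users screen, so the same log line doubles as the baseline for the periodic account reviews in step 5.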
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-05-09T21:42:43.790Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690d79bf3ea13e495ec0caf4
Added to database: 11/7/2025, 4:46:55 AM
Last enriched: 11/14/2025, 4:52:06 AM
Last updated: 12/23/2025, 7:47:18 PM