CVE-2025-4522: CWE-862 Missing Authorization in themeatelier IDonate – Blood Donation, Request And Donor Management System
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and above, could delete arbitrary user accounts, including those of administrators.
AI Analysis
Technical Summary
CVE-2025-4522 is a vulnerability identified in the IDonate – Blood Donation, Request And Donor Management System plugin for WordPress, specifically affecting versions 2.0.0 through 2.1.9. The flaw arises from a missing authorization check (CWE-862) in the admin_post_donor_delete() function. This function calls wp_delete_user() with a user_id parameter that can be arbitrarily controlled by an authenticated attacker with Subscriber-level privileges or higher. Because the plugin fails to verify whether the requesting user has the appropriate permissions to delete other users, an attacker can delete any user account, including administrators, leading to privilege escalation and potential denial of service for legitimate users. The vulnerability is remotely exploitable over the network without user interaction and requires only low privileges, increasing its risk profile. The CVSS 3.1 base score is 6.5 (medium severity), reflecting high impact on integrity but no impact on confidentiality or availability. No patches or exploits are currently publicly available, but the risk remains significant for sites using this plugin without additional access controls.
Potential Impact
The primary impact of CVE-2025-4522 is the unauthorized deletion of user accounts, including those with administrative privileges. This can result in loss of administrative control over the WordPress site, disruption of site management, and potential denial of service for legitimate users. Attackers could remove key personnel accounts, causing operational disruption and potentially enabling further attacks if administrative recovery is delayed. Since the vulnerability requires only Subscriber-level access, it lowers the barrier for exploitation, increasing the risk from insider threats or compromised low-privilege accounts. Organizations relying on the IDonate plugin for critical blood donation and donor management workflows may face significant operational and reputational damage if exploited. The lack of confidentiality impact means data theft is not directly enabled, but integrity and availability of user management are severely affected.
Mitigation Recommendations
To mitigate CVE-2025-4522, organizations should immediately restrict Subscriber-level user capabilities to the minimum necessary and audit existing user roles for unnecessary privileges. Site administrators should monitor user deletion logs closely for suspicious activity. Applying updates or patches from the vendor as soon as they become available is critical. In the absence of official patches, temporarily disabling or removing the vulnerable plugin can prevent exploitation. Implementing Web Application Firewall (WAF) rules to detect and block requests to admin_post_donor_delete() with suspicious user_id parameters can provide interim protection. Additionally, enforcing multi-factor authentication (MFA) for all user accounts can reduce the risk of account compromise leading to exploitation. Regular backups of user data and site configurations will aid recovery if user accounts are maliciously deleted.
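The PHP below is an added illustration, not the IDonate plugin's source: a reconstructed handler that mirrors the flaw described above (deleting whichever user_id the request names, with no capability check) beside the authorization-checked form a maintainer would ship. The admin-post action name, nonce action and text domain are assumptions.

```php
<?php
// Added example, not the IDonate plugin's code. Shows the CWE-862 pattern the
// advisory describes and one way to close it with WordPress core APIs.

// --- Vulnerable shape (reconstructed from the advisory description) ---
// admin-post.php routes any logged-in user's request for action=donor_delete
// here, and the handler trusts the supplied user_id with no capability check.
function insecure_donor_delete_handler() {
    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    require_once ABSPATH . 'wp-admin/includes/user.php'; // defines wp_delete_user()
    wp_delete_user( $user_id );                           // any account, admins included
    wp_safe_redirect( wp_get_referer() );
    exit;
}

// --- Hardened shape ---
function secure_donor_delete_handler() {
    // 1. CSRF: the form must carry a nonce bound to this action (nonce name assumed).
    check_admin_referer( 'idonate_donor_delete' );

    // 2. Authorization: only users holding 'delete_users' may proceed.
    //    Core grants that capability to Administrators, never to Subscribers.
    if ( ! current_user_can( 'delete_users' ) ) {
        wp_die( esc_html__( 'You are not allowed to delete donors.', 'idonate' ), 403 );
    }

    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;

    // 3. Object-level check: the target must exist, must not be the caller,
    //    and must not be an administrator (a donor-management action has no
    //    business removing site owners).
    $target = get_userdata( $user_id );
    if ( ! $target || $user_id === get_current_user_id()
         || user_can( $target, 'manage_options' ) ) {
        wp_die( esc_html__( 'Invalid donor account.', 'idonate' ), 400 );
    }

    // 4. Audit trail: record who deleted whom before the row is gone, so the
    //    "monitor user deletion logs" advice above has something to read.
    error_log( sprintf( 'idonate: user %d deleted donor account %d',
                        get_current_user_id(), $user_id ) );

    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $user_id );
    wp_safe_redirect( wp_get_referer() );
    exit;
}

// Register only the hardened handler (hook name assumed from the function name).
add_action( 'admin_post_donor_delete', 'secure_donor_delete_handler' );
```

The decisive difference is the current_user_can( 'delete_users' ) gate: without it, every check that follows is reachable by any authenticated account.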
Affected Countries
United States, India, United Kingdom, Canada, Australia, Germany, France, Brazil, South Africa, Japan
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-05-09T21:42:43.790Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690d79bf3ea13e495ec0caf4
Added to database: 11/7/2025, 4:46:55 AM
Last enriched: 2/27/2026, 2:35:37 PM
Last updated: 3/24/2026, 8:23:45 AM