CVE-2025-4522: CWE-862 Missing Authorization in themeatelier IDonate – Blood Donation, Request And Donor Management System
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers with Subscriber-level access and above could delete arbitrary user accounts, including those of administrators.
AI Analysis
Technical Summary
CVE-2025-4522 identifies a Missing Authorization vulnerability (CWE-862) in the IDonate – Blood Donation, Request And Donor Management System WordPress plugin, affecting versions 2.0.0 through 2.1.9. The flaw is in the admin_post_donor_delete() function, which handles requests to delete donor user accounts. The handler passes a caller-supplied user_id parameter to wp_delete_user() without checking that the authenticated user is authorized to delete that particular account, so any authenticated user with Subscriber-level privileges or higher can delete any user account, including administrator accounts, and the site can lose administrative control. The vulnerability is exploitable remotely over the network without user interaction, has low attack complexity, and requires only an authenticated account. The CVSS 3.1 score of 6.5 (medium) reflects a high impact on integrity (user account deletion) with no direct impact on confidentiality or availability. No patches or known exploits are currently available, but the risk remains significant for organizations relying on this plugin for blood donation management. The plugin’s role in managing sensitive healthcare data and user roles increases the potential operational impact of this vulnerability.
Potential Impact
For European organizations, particularly those in healthcare, blood donation, and nonprofit sectors using the IDonate plugin, this vulnerability poses a risk of unauthorized deletion of user accounts, including administrators. This can lead to loss of administrative control, disruption of blood donation management workflows, and potential denial of service for legitimate users. The integrity of user data and system management is compromised, potentially delaying critical healthcare operations. Additionally, unauthorized account deletions could facilitate further attacks or data manipulation by adversaries who gain control over the system. Given the sensitive nature of healthcare data and the importance of blood donation systems, this vulnerability could undermine trust and operational reliability. Organizations may face regulatory scrutiny under GDPR if the disruption leads to data handling failures or service outages affecting personal data processing.
Mitigation Recommendations
To mitigate CVE-2025-4522, organizations should immediately restrict access to the admin_post_donor_delete() function to only trusted administrative roles by implementing strict authorization checks. Review and harden role-based access controls within WordPress and the plugin configuration to ensure Subscriber-level users cannot perform privileged actions. Monitor logs for unusual user deletion activity and implement alerting for account deletions, especially of administrators. If possible, temporarily disable the plugin or the vulnerable functionality until a vendor patch is released. Conduct regular backups of user data and site configurations to enable recovery from unauthorized deletions. Engage with the plugin vendor or community to obtain or develop patches addressing the missing authorization. Additionally, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the vulnerable function.
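The following PHP is an added example, not code from this advisory or from the IDonate plugin, showing what "strict authorization checks" on an admin-post delete handler look like in WordPress, together with an audit hook for the logging recommendation above. The callback name idonate_hardened_donor_delete, the 'donor' role slug, the nonce action name and the admin page slug are assumptions for illustration; the WordPress functions themselves (check_admin_referer, current_user_can, user_can, wp_delete_user, the delete_user action) are core APIs.

```php
<?php
// Added example (not the IDonate plugin's own code): a hardened replacement
// for an admin_post_donor_delete handler. Callback, role slug, nonce action
// and page slug are assumptions; the WordPress API calls are real core APIs.

add_action( 'admin_post_donor_delete', 'idonate_hardened_donor_delete' );

function idonate_hardened_donor_delete() {
    // 1. CSRF protection: the form must carry a nonce for this action
    //    (emitted with wp_nonce_field( 'idonate_donor_delete' )).
    check_admin_referer( 'idonate_donor_delete' );

    // 2. Validate the object reference before acting on it.
    $user_id = isset( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0;
    $target  = $user_id ? get_userdata( $user_id ) : false;
    if ( ! $target ) {
        wp_die( 'Unknown donor account.', 'Bad Request', array( 'response' => 400 ) );
    }

    // 3. Authorization, the check CWE-862 says is missing: a donor may remove
    //    only their own record; anyone else needs the core delete_users
    //    capability, which Subscribers do not have.
    $is_self       = ( get_current_user_id() === $user_id );
    $may_delete    = current_user_can( 'delete_users' );
    if ( ! $is_self && ! $may_delete ) {
        wp_die( 'You are not allowed to delete this account.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 4. Scope the action to donor accounts and never to privileged users, so
    //    this form can never remove an administrator. 'donor' is an assumed slug.
    if ( ! in_array( 'donor', (array) $target->roles, true ) || user_can( $target, 'manage_options' ) ) {
        wp_die( 'Only donor accounts can be removed through this form.', 'Forbidden', array( 'response' => 403 ) );
    }

    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $user_id );

    // Assumed admin page slug for the redirect target.
    wp_safe_redirect( add_query_arg( 'donor_deleted', '1', admin_url( 'admin.php?page=idonate-donors' ) ) );
    exit;
}

// Audit trail for the "monitor and alert on account deletions" recommendation:
// record actor, target, the target's roles and the source address for every
// deletion, whichever code path triggered it. (The third hook argument exists
// since WordPress 5.5.)
add_action( 'delete_user', 'idonate_log_user_deletion', 10, 3 );

function idonate_log_user_deletion( $id, $reassign, $user ) {
    $actor  = wp_get_current_user();
    $is_wp  = $user instanceof WP_User;
    $roles  = $is_wp ? implode( ',', $user->roles ) : 'unknown';
    $remote = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'n/a';
    error_log( sprintf(
        '[idonate-audit] user deletion: actor=%d (%s) target=%d (%s) roles=%s ip=%s',
        $actor->ID,
        $actor->user_login,
        (int) $id,
        $is_wp ? $user->user_login : 'unknown',
        $roles,
        $remote
    ) );
}
```

The audit line is what a SIEM rule would key on: a deletion whose target roles include administrator, or whose actor is a Subscriber, is exactly the pattern this advisory asks defenders to alert on.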
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-05-09T21:42:43.790Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690d79bf3ea13e495ec0caf4
Added to database: 11/7/2025, 4:46:55 AM
Last enriched: 11/7/2025, 4:47:31 AM
Last updated: 11/10/2025, 4:03:19 AM