cleantalk
Vulnerabilities and Security Researches

Whydonate – FREE Donate button – Crowdfunding – Fundraising, CVE-2025-10186

CVE, Research URL

CVE-2025-10186

Home page URL

Security reports for Whydonate – FREE Donate button – Crowdfunding – Fundraising

Application

Whydonate – FREE Donate button – Crowdfunding – Fundraising

Published on
Oct 15, 2025
Research Description
The WhyDonate – FREE Donate button – Crowdfunding – Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the remove_row function in all versions up to, and including, 4.0.14. This makes it possible for unauthenticated attackers to delete rows from the wp_wdplugin_style table.
Affected versions
max 4.0.14.
Status
vulnerable
Previous vulnerability researches
Opal Service (CVE-2025-62913) , Nov 11, 2025
New vulnerability
Master Blocks – Ultimate Gutenberg Blocks for Marketers (CVE-2025-10896) , Nov 11, 2025
Reuse Builder (CVE-2025-11812) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-11823) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-12493) , Nov 11, 2025
Gravity Forms Google Sheet Connector (CVE-2025-8606) , Nov 11, 2025