cleantalk
Vulnerabilities and Security Researches

Whydonate – FREE Donate button – Crowdfunding – Fundraising, CVE-2025-10186

CVE, Research URL

CVE-2025-10186

Home page URL

Security reports for Whydonate – FREE Donate button – Crowdfunding – Fundraising

Application

Whydonate – FREE Donate button – Crowdfunding – Fundraising

Published on
Oct 15, 2025
Research Description
The WhyDonate – FREE Donate button – Crowdfunding – Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the remove_row function in all versions up to, and including, 4.0.14. This makes it possible for unauthenticated attackers to delete rows from the wp_wdplugin_style table.
Affected versions
max 4.0.14.
Status
vulnerable
Previous vulnerability researches
Ultra Addons Lite for Elementor (CVE-2024-13832) , Mar 01, 2025
Ultra Addons Lite for Elementor (CVE-2023-53589) , Nov 11, 2025
Ultra Addons Lite for Elementor (CVE-2025-32192) , Apr 05, 2025
New vulnerability
Reuse Builder (CVE-2025-11812) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-11823) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-12493) , Nov 11, 2025
Gravity Forms Google Sheet Connector (CVE-2025-8606) , Nov 11, 2025
Gravity Forms Google Sheet Connector (CVE-2025-8593) , Nov 11, 2025