CVE Catalog

CVE-2025-64636

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Summary

The Donation Thermometer plugin versions up to 2.2.7 contain an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to plugin functions.

Risk Assessment

The risk involves potential unauthorized access to sensitive plugin functions, which may lead to data integrity compromise or unauthorized actions within the system.

Recommendation

It is recommended to immediately update the Donation Thermometer plugin to the latest available version that addresses this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS