CVE-2025-30639: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in ThemeAtelier IDonatePro WordPress plugin versions through 2.1.9. The vulnerability was identified on August 8, 2025, and was assigned CVE-2025-30639. This security issue allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 base score of 7.5 (High). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed. The vulnerability can be exploited by unauthenticated users (Patchstack).

The vulnerability allows an unprivileged user to execute certain higher privileged actions due to missing authorization checks. This could potentially lead to unauthorized access and modification of protected functionality (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website owners are advised to implement the virtual patch immediately to protect their installations (Patchstack).