Lucene search
+L

25 matches found

NVD
NVD
added 5 days ago3 views

CVE-2026-57406

Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through = 1.7.6...

6.5CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 5 days ago7 views

CVE-2026-57406

CVE-2026-57406 : A Missing Authorization vulnerability is reported in the WordPress FundEngine plugin (wp-fundraising-donation) affecting versions up to 1.7.6. The issue is described as broken access control due to incorrectly configured access security levels, enabling exploitation of access con...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-57406 WordPress FundEngine plugin <= 1.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through = 1.7.6...

6.5CVSS0.00242EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/08 12:34 p.m.5 views

WordPress FundEngine plugin <= 1.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peng Zhou in WordPress Plugin FundEngine versions = 1.7.6...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-47742

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00431EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-25369

Malicious code in bioql PyPI...

7.5CVSS4.6AI score0.00462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.4 views

CVE-2025-48302

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through = 1.7.4...

7.5CVSS5.9AI score0.00462EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 8:15 a.m.3 views

CVE-2025-48302

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through = 1.7.4...

7.5CVSS0.00462EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 8:3 a.m.11 views

CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through = 1.7.4...

7.5CVSS0.00462EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 8:3 a.m.13 views

CVE-2025-48302

Summary: CVE-2025-48302 is a Local File Inclusion in the WordPress FundEngine plugin (versions up to 1.7.4) caused by improper control of filenames in include/require statements (PHP.Remote File Inclusion pathway). Affected software: FundEngine – Donation and Crowdfunding Platform for WordPress (v

7.5CVSS5.9AI score0.00462EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/20 8:3 a.m.1 views

CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine allows PHP Local File Inclusion. This issue affects FundEngine: from n/a through 1.7.4...

7.5CVSS7.4AI score0.00462EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.3 views

WordPress plugin FundEngine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS4.6AI score0.00462EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.4 views

PT-2025-33931 · Roxnor · Roxnor Fundengine

Name of the Vulnerable Software and Affected Versions: Roxnor FundEngine versions through 1.7.4 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...

7.5CVSS6.5AI score0.00462EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/08/08 7:20 a.m.9 views

WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Peter Thaleikis in WordPress Plugin FundEngine versions = 1.7.4...

7.5CVSS4.6AI score0.00462EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 3:4 a.m.10 views

CVE-2024-6698

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS7.1AI score0.00431EPSS
Exploits0References1
NVD
NVD
added 2024/08/01 4:15 a.m.32 views

CVE-2024-6698

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS0.00431EPSS
Exploits0References2
OSV
OSV
added 2024/08/01 4:15 a.m.15 views

CVE-2024-6698

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS5.7AI score0.00431EPSS
Exploits0References2
CVE
CVE
added 2024/08/01 3:29 a.m.63 views

CVE-2024-6698

CVE-2024-6698: FundEngine – Donation and Crowdfunding Platform for WordPress is vulnerable to privilege escalation in all versions up to and including 1.7.0. The root cause is improper verification of user meta updates performed via update_user_meta, enabling authenticated users with subscriber-l...

8.8CVSS8.8AI score0.00431EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/01 3:29 a.m.19 views

CVE-2024-6698 FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS8.8AI score0.00431EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/01 3:29 a.m.40 views

CVE-2024-6698 FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS0.00431EPSS
Exploits0References2
Rows per page
Query Builder