2 matches found
CVE-2026-57406
CVE-2026-57406 : A Missing Authorization vulnerability is reported in the WordPress FundEngine plugin (wp-fundraising-donation) affecting versions up to 1.7.6. The issue is described as broken access control due to incorrectly configured access security levels, enabling exploitation of access con...
CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine allows PHP Local File Inclusion. This issue affects FundEngine: from n/a through 1.7.4...