Lucene search
K

6 matches found

Cvelist
Cvelist
added 2025/04/01 2:52 p.m.23 views

CVE-2025-31892 WordPress WP Crowdfunding plugin <= 2.1.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through = 2.1.15...

6.5CVSS0.00204EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 9:15 a.m.23 views

CVE-2024-11911

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...

4.3CVSS0.00267EPSS
Exploits0References2
CVE
CVE
added 2024/12/13 8:24 a.m.46 views

CVE-2024-11911

CVE-2024-11911 concerns the WP Crowdfunding plugin for WordPress. A missing capability check in the install_woocommerce_plugin() action allows authenticated users with Subscriber+ rights to install WooCommerce on all versions up to 2.1.12. Impact is limited since WooCommerce is typically required...

4.3CVSS4.4AI score0.00267EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/13 8:24 a.m.9 views

CVE-2024-11911 WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...

4.3CVSS6.5AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/13 8:24 a.m.26 views

CVE-2024-11911 WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...

4.3CVSS0.00267EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/13 8:24 a.m.10 views

CVE-2024-11910 WP Crowdfunding <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00307EPSS
Exploits0References4
Rows per page
Query Builder