6 matches found
CVE-2025-31892 WordPress WP Crowdfunding plugin <= 2.1.15 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through = 2.1.15...
CVE-2024-11911
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-11911
CVE-2024-11911 concerns the WP Crowdfunding plugin for WordPress. A missing capability check in the install_woocommerce_plugin() action allows authenticated users with Subscriber+ rights to install WooCommerce on all versions up to 2.1.12. Impact is limited since WooCommerce is typically required...
CVE-2024-11911 WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-11911 WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-11910 WP Crowdfunding <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...