3 matches found
CVE-2024-11910 WP Crowdfunding <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-11910
CVE-2024-11910 affects the WP Crowdfunding plugin for WordPress. It enables Stored XSS via the wp-crowdfunding/search block in all versions up to 2.1.12, exploitable by authenticated attackers with Contributor-level access or higher. The root cause is insufficient input sanitization and output es...
CVE-2024-11910 WP Crowdfunding <= 2.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...