EUVD-2024-47742

Malicious code in bioql PyPI...

EUVD-2025-25369

Malicious code in bioql PyPI...

CVE-2025-48302

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through = 1.7.4...

CVE-2025-48302

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through = 1.7.4...

CVE-2025-48302

Summary: CVE-2025-48302 is a Local File Inclusion in the WordPress FundEngine plugin (versions up to 1.7.4) caused by improper control of filenames in include/require statements (PHP.Remote File Inclusion pathway). Affected software: FundEngine – Donation and Crowdfunding Platform for WordPress (v

CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through = 1.7.4...

CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine allows PHP Local File Inclusion. This issue affects FundEngine: from n/a through 1.7.4...

PT-2025-33931 · Roxnor · Roxnor Fundengine

Name of the Vulnerable Software and Affected Versions: Roxnor FundEngine versions through 1.7.4 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...

WordPress plugin FundEngine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Peter Thaleikis in WordPress Plugin FundEngine versions = 1.7.4...

CVE-2024-6698

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

CVE-2024-6698

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

CVE-2024-6698

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

CVE-2024-6698 FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

CVE-2024-6698

CVE-2024-6698: FundEngine – Donation and Crowdfunding Platform for WordPress is vulnerable to privilege escalation in all versions up to and including 1.7.0. The root cause is improper verification of user meta updates performed via update_user_meta, enabling authenticated users with subscriber-l...

CVE-2024-6698 FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the updateusermeta function. This makes it possible for authenticated attackers, with subscriber-level...

WordPress FundEngine plugin <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Thanh Nam Tran in WordPress Plugin FundEngine versions = 1.7.0...

PT-2024-37805 · WordPress · Fundengine

Name of the Vulnerable Software and Affected Versions: FundEngine plugin for WordPress versions up to, and including, 1.7.0 Description: The issue is due to the plugin not properly verifying user meta updated through the update user meta function. This allows authenticated attackers, with...

WordPress plugin FundEngine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-34758 WordPress FundEngine – Donation and Crowdfunding Platform plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4...