Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-34294

Malicious code in bioql PyPI...

6.4CVSS8.9AI score0.00307EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.7 views

CVE-2024-10117

The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfdonate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.13 views

CVE-2024-11911

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...

4.3CVSS6.5AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.6 views

CVE-2023-47532

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Themeum WP Crowdfunding plugin = 2.1.6 versions...

6.1CVSS5.9AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.8 views

CVE-2023-6163

The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00402EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.7 views

CVE-2023-5757

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00451EPSS
Exploits2
NVD
NVD
added 2025/03/12 4:15 a.m.24 views

CVE-2025-1508

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the downloaddata action in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to download...

5.3CVSS0.00389EPSS
Exploits0References3
NVD
NVD
added 2023/11/14 10:15 p.m.20 views

CVE-2023-47532

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Themeum WP Crowdfunding plugin = 2.1.6 versions...

6.1CVSS0.00366EPSS
Exploits0References1
Rows per page
Query Builder