Lucene search
Themeum Wp Crowdfunding

11 matches found

CVE
added 2025/03/12 3:21 a.m., 70 views

CVE-2025-1508

CVE-2025-1508 affects the WordPress WP Crowdfunding plugin up to version 2.1.13. It results from a missing capability check on the download_data action, allowing authenticated users with subscriber-level access and above to download all post content when WooCommerce is installed. The vulnerabilit...

CVSS 5.3, AI score 8.6, EPSS 0.00389

CVE
added 2024/01/15 3:10 p.m., 57 views

CVE-2023-6163

CVE-2023-6163 affects the WP Crowdfunding WordPress plugin prior to 2.1.10, where some settings are not sanitised/escaped. This can allow high-privilege users (e.g., admins) to perform Stored XSS, including in multisite environments, via vulnerable settings such as Crowdfunding > Settings >...

CVSS 4.8, AI score 4.7, EPSS 0.00402

CVE
added 2024/12/13 2:24 p.m., 56 views

CVE-2023-41870

CVE-2023-41870 affects the WP Crowdfunding plugin by Themeum (WordPress) up to version 2.1.5. The issue is a Missing Authorization/Improper Access Control vulnerability caused by incorrectly configured access control security levels, enabling unauthorized access to restricted areas. Red Hat and P...

CVSS 8.8, AI score 8.5, EPSS 0.00636

CVE
added 2024/01/08 7:00 p.m., 55 views

CVE-2023-6161

The WP Crowdfunding WordPress plugin prior to 2.1.9 is affected by a Reflected Cross-Site Scripting (XSS) flaw: it does not sanitize/escape an input parameter before echoing it back in the page, enabling injection that could affect high-privilege accounts (e.g., admins). Technical details across ...

CVSS 6.1, AI score 6, EPSS 0.0042
Web

CVE
added 2024/10/26 11:18 a.m., 52 views

CVE-2024-10117

CVE-2024-10117 concerns the WP Crowdfunding plugin for WordPress. A stored XSS flaw exists in the wpcf_donate shortcode across all versions up to and including 2.1.11, caused by insufficient input sanitization and output escaping for user-supplied attributes. Exploitation requires authenticated a...

CVSS 6.4, AI score 5.9, EPSS 0.0036

CVE
added 2023/12/11 7:22 p.m., 51 views

CVE-2023-5757

The CVE-2023-5757 issue affects the WP Crowdfunding WordPress plugin

CVSS 4.8, AI score 4.7, EPSS 0.00451

CVE
added 2024/12/13 8:24 a.m., 48 views

CVE-2024-11910

CVE-2024-11910 affects the WP Crowdfunding plugin for WordPress. It enables Stored XSS via the wp-crowdfunding/search block in all versions up to 2.1.12, exploitable by authenticated attackers with Contributor-level access or higher. The root cause is insufficient input sanitization and output es...

CVSS 6.4, AI score 7.4, EPSS 0.00307

CVE
added 2024/11/01 2:17 p.m., 48 views

CVE-2024-43937

CVE-2024-43937 corresponds to a Missing Authorization vulnerability in WP Crowdfunding (Themeum) affecting WP Crowdfunding versions n/a through 2.1.10. Connected sources (PT-2024-30798) describe the issue as an unauthorized access/configuration flaw that lets attackers enable/disable addons due t...

CVSS 6.4, AI score 5.4, EPSS 0.00348

CVE
added 2024/12/13 8:24 a.m., 44 views

CVE-2024-11911

CVE-2024-11911 concerns the WP Crowdfunding plugin for WordPress. A missing capability check in the install_woocommerce_plugin() action allows authenticated users with Subscriber+ rights to install WooCommerce on all versions up to 2.1.12. Impact is limited since WooCommerce is typically required...

CVSS 4.3, AI score 4.4, EPSS 0.00267

CVE
added 2023/12/28 10:16 a.m., 39 views

CVE-2023-50859

The CVE-2023-50859 issue affects WordPress WP Crowdfunding (Themeum) up to version 2.1.6 and is a Stored XSS caused by improper neutralization of input during web page generation. Red Hat and Patchstack entries confirm the same vulnerability with the same affected software and indicate a patch ha...

CVSS 6.5, AI score 6.7, EPSS 0.00277

CVE
added 2023/11/14 9:14 p.m., 27 views

CVE-2023-47532

CVE-2023-47532 describes an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in the Themeum WP Crowdfunding plugin for WordPress, affecting versions

CVSS 6.1, AI score 5.8, EPSS 0.00366