CVE-2022-0788
The WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 is vulnerable to unauthenticated SQL injection via a REST route because a parameter is not sanitized or escaped before being used in a SQL statement. Impact per connected data: potential data disclosure, data modification, and potentially unauthorize...
CVE-2024-6698
FundEngine – Donation and Crowdfunding Platform for WordPress is vulnerable to privilege escalation in all versions up to and including 1.7.0. The root cause is improper verification of user meta updates performed via update_user_meta, enabling authenticated users with subscriber-l...