Wp Crowdfunding
by Themeum
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31892 | Med | 0.42 | 6.5 | 0.00 | Apr 1, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through <= 2.1.15. | ||
| CVE-2023-50859 | Med | 0.42 | 6.5 | 0.00 | Dec 28, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through 2.1.6. | ||
| CVE-2024-11910 | Med | 0.35 | 6.4 | 0.00 | Dec 13, 2024 | The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… | ||
| CVE-2023-41870 | Med | 0.28 | 4.3 | 0.01 | Dec 13, 2024 | Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5. | ||
| CVE-2025-1508 | Med | 0.27 | 5.3 | 0.00 | Mar 12, 2025 | The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and… | ||
| CVE-2024-11911 | 0.00 | — | 0.00 | Dec 13, 2024 | The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with… | |||
| CVE-2024-43937 | 0.00 | — | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10. | |||
| CVE-2024-10117 | 0.00 | — | 0.00 | Oct 26, 2024 | The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | |||
| CVE-2023-47532 | 0.00 | — | 0.00 | Nov 14, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions. |
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through <= 2.1.15.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through 2.1.6.
- risk 0.35cvss 6.4epss 0.00
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
- risk 0.28cvss 4.3epss 0.01
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5.
- risk 0.27cvss 5.3epss 0.00
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and…
- CVE-2024-11911Dec 13, 2024risk 0.00cvss —epss 0.00
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with…
- CVE-2024-43937Nov 1, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.
- CVE-2024-10117Oct 26, 2024risk 0.00cvss —epss 0.00
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- CVE-2023-47532Nov 14, 2023risk 0.00cvss —epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions.