VYPR

Crowdfunding Script

by Crowdfunding Script Project

CVEs (5)

  • CVE-2017-17578CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.

  • CVE-2024-11910MedDec 13, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2025-1508MedMar 12, 2025
    risk 0.27cvss 5.3epss 0.00

    The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and…

  • CVE-2024-11911Dec 13, 2024
    risk 0.00cvss epss 0.00

    The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with…

  • CVE-2024-10117Oct 26, 2024
    risk 0.00cvss epss 0.00

    The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…