Themeum

Wp Crowdfunding

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-31892

  • EPSS 0.14%
  • Veröffentlicht 01.04.2025 15:16:32
  • Zuletzt bearbeitet 01.04.2025 20:26:01

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.13.

5.3

CVE-2025-1508

  • EPSS 0.15%
  • Veröffentlicht 12.03.2025 03:21:27
  • Zuletzt bearbeitet 20.03.2025 13:57:41

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with...

8.8

CVE-2023-41870

  • EPSS 0.37%
  • Veröffentlicht 13.12.2024 15:15:25
  • Zuletzt bearbeitet 11.02.2025 14:16:40

Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5.

4.3

CVE-2024-11911

  • EPSS 0.12%
  • Veröffentlicht 13.12.2024 09:15:07
  • Zuletzt bearbeitet 11.02.2025 14:21:42

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for ...

5.4

CVE-2024-11910

  • EPSS 0.17%
  • Veröffentlicht 13.12.2024 09:15:06
  • Zuletzt bearbeitet 11.02.2025 14:28:17

The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible...

4.3

CVE-2024-43937

  • EPSS 0.11%
  • Veröffentlicht 01.11.2024 15:15:49
  • Zuletzt bearbeitet 08.11.2024 15:57:27

Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.

5.4

CVE-2024-10117

  • EPSS 0.12%
  • Veröffentlicht 26.10.2024 12:15:12
  • Zuletzt bearbeitet 11.02.2025 17:47:46

The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attr...

4.8

CVE-2023-6163

Exploit
  • EPSS 0.08%
  • Veröffentlicht 15.01.2024 16:15:12
  • Zuletzt bearbeitet 09.06.2025 21:15:45

The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa...

6.1

CVE-2023-6161

Exploit
  • EPSS 0.28%
  • Veröffentlicht 08.01.2024 19:15:10
  • Zuletzt bearbeitet 17.06.2025 15:15:37

The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

5.4

CVE-2023-50859

  • EPSS 0.08%
  • Veröffentlicht 28.12.2023 11:15:10
  • Zuletzt bearbeitet 21.11.2024 08:37:25

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through 2.1.6.