Vulnerabilities > Themeum > WP Crowdfunding > 2.1.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-12 | CVE-2025-1508 | Missing Authorization vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. | 5.3 |
| 2024-12-13 | CVE-2024-11910 | Cross-site Scripting vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-12-13 | CVE-2024-11911 | Missing Authorization vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. | 4.3 |
| 2024-11-01 | CVE-2024-43937 | Missing Authorization vulnerability in Themeum WP Crowdfunding Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10. | 4.3 |
| 2024-10-26 | CVE-2024-10117 | Cross-site Scripting vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |