Vulnerabilities > Themeum > WP Crowdfunding > 2.1.10

DATE CVE VULNERABILITY TITLE RISK
2025-03-12 CVE-2025-1508 Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13.
network
low complexity
themeum CWE-862
5.3
2024-12-13 CVE-2024-11910 Cross-site Scripting vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping.
network
low complexity
themeum CWE-79
5.4
2024-12-13 CVE-2024-11911 Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12.
network
low complexity
themeum CWE-862
4.3
2024-11-01 CVE-2024-43937 Missing Authorization vulnerability in Themeum WP Crowdfunding
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.
network
low complexity
themeum CWE-862
4.3
2024-10-26 CVE-2024-10117 Cross-site Scripting vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
themeum CWE-79
5.4