cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11910,https://securityvulnerability.io/vulnerability/CVE-2024-11910,Stored Cross-Site Scripting Vulnerability in WP Crowdfunding Plugin,"The WP Crowdfunding plugin for WordPress is affected by a vulnerability that enables stored cross-site scripting (XSS) due to insufficient sanitization of input and inadequate escaping of output within the wp-crowdfunding/search block. This vulnerability allows authenticated attackers, particularly those with Contributor-level access or higher, to embed arbitrary web scripts into pages. Such scripts execute in the context of the user's session when they access the compromised pages. As a result, this could lead to unauthorized actions, data exposure, and a compromised user experience.",Wordpress,WP Crowdfunding,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-12-13T08:24:50.965Z,0
CVE-2024-11911,https://securityvulnerability.io/vulnerability/CVE-2024-11911,Unauthorized Plugin Installation Vulnerability in WP Crowdfunding Plugin Affects Sites,"The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement.",Wordpress,WP Crowdfunding,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-13T08:24:50.235Z,0
CVE-2024-10117,https://securityvulnerability.io/vulnerability/CVE-2024-10117,Stored Cross-Site Scripting Vulnerability in WP Crowdfunding Plugin,"The WP Crowdfunding plugin for WordPress has a vulnerability that allows for Stored Cross-Site Scripting (XSS) attacks. This security flaw resides in the wpcf_donate shortcode, where user-supplied attributes are not properly sanitized or escaped. As a result, authenticated users with contributor-level access or higher can inject arbitrary scripts into pages. When other users access these compromised pages, the malicious scripts will execute, potentially leading to various security issues, including data theft and unauthorized actions. Users and administrators of WordPress sites utilizing this plugin should take necessary precautions to mitigate the risks associated with this vulnerability.",Wordpress,WP Crowdfunding,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-10-26T11:18:19.212Z,0
CVE-2023-6163,https://securityvulnerability.io/vulnerability/CVE-2023-6163,WP Crowdfunding < 2.1.10 - Admin+ Stored XSS,"The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,WP Crowdfunding,4.8,MEDIUM,0.0005200000014156103,false,,false,false,true,true,false,false,2024-01-15T15:10:41.014Z,0
CVE-2023-5757,https://securityvulnerability.io/vulnerability/CVE-2023-5757,WP Crowdfunding < 2.1.8 - Admin+ Stored XSS,"The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,WP Crowdfunding,4.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-12-11T20:15:00.000Z,0
CVE-2022-0788,https://securityvulnerability.io/vulnerability/CVE-2022-0788,WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi,"The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users",Wordpress,WP Fundraising Donation And Crowdfunding Platform,9.8,CRITICAL,0.068790003657341,false,,false,false,false,,false,false,2022-06-08T10:15:00.000Z,0