Vulnerabilities and security researches forcrowdfunding-for-woocommerce crowdfunding-for-woocommerce

Apr 14, 2025

CVE, Research URL: CVE-2025-32628
Home page URL: Security reports for Crowdfunding for WooCommerce
Application: Crowdfunding for WooCommerce
Date: Apr 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Crowdfunding for WooCommerce allows Reflected XSS. This issue affects Crowdfunding for WooCommerce: from n/a through 3.1.12.
Affected versions: Min -, max -.
Status: vulnerable

Jul 19, 2025

CVE, Research URL: CVE-2025-5767
Home page URL: Security reports for Crowdfunding for WooCommerce
Application: Crowdfunding for WooCommerce
Date: Jul 18, 2025
Research Description: The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 3.1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable