cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security research for wp-fundraising-donation

Jun 07, 2024

FundEngine – Donation and Crowdfunding Platform # CVE-2022-0788

CVE, Research URL

CVE-2022-0788

Date
Jun 08, 2022
Research Description
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users.
Affected versions
Min -, max -.
Status
vulnerable

FundEngine – Donation and Crowdfunding Platform # CVE-2024-34758

CVE, Research URL

CVE-2024-34758

Date
Jun 11, 2024
Research Description
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4.
Affected versions
Min -, max -.
Status
vulnerable
Aug 02, 2024

FundEngine – Donation and Crowdfunding Platform # CVE-2024-6698

CVE, Research URL

CVE-2024-6698

Date
Aug 01, 2024
Research Description
The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access.
Affected versions
Min -, max -.
Status
vulnerable
May 09, 2025

FundEngine – Donation and Crowdfunding Platform # CVE-2025-47459

CVE, Research URL

CVE-2025-47459

Date
May 07, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fundraising Donation and Crowdfunding Platform allows Cross Site Request Forgery. This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.7.3.
Affected versions
Min -, max -.
Status
vulnerable