cleantalk
Vulnerabilities and Security Researches

FundPress – WordPress Donation Plugin, CVE-2025-24601

CVE, Research URL

CVE-2025-24601

Home page URL

Security reports for FundPress – WordPress Donation Plugin

Application

FundPress – WordPress Donation Plugin

Published on
Jan 27, 2025
Research Description
Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6.
Affected versions
max 2.0.7.
Status
vulnerable
Previous vulnerability researches
FundPress – WordPress Donation Plugin (CVE-2026-4650) , May 04, 2026
FundPress – WordPress Donation Plugin (CVE-2025-24601) , Jan 29, 2025
New vulnerability
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2026-4100) , May 04, 2026
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup (CVE-2026-7649) , May 04, 2026
FundPress – WordPress Donation Plugin (CVE-2026-4650) , May 04, 2026
Import and export users and customers (CVE-2026-7641) , May 04, 2026
NextMove Lite – Thank You Page for WooCommerce (CVE-2026-0703) , May 04, 2026