Themeum Wp Crowdfunding
By the Year
In 2026 there have been 0 vulnerabilities in Themeum Wp Crowdfunding. Last year, in 2025, Wp Crowdfunding had 2 security vulnerabilities published. Right now, Wp Crowdfunding is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 5.30 |
| 2024 | 7 | 5.87 |
| 2023 | 3 | 5.43 |
It may take a day or so for new Wp Crowdfunding vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Themeum Wp Crowdfunding Security Vulnerabilities
WP Crowdfunding <=2.1.13: Stored XSS Vulnerability
CVE-2025-31892
- April 01, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through <= 2.1.15.
XSS
WP Crowdfunding <=2.1.13 - Unrestricted Data Download via Missing Cap Check
CVE-2025-1508
5.3 - Medium
- March 12, 2025
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed.
AuthZ
Themeum WP Crowdfunding Missing Auth Vulnerability (2.1.5)
CVE-2023-41870
8.8 - High
- December 13, 2024
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Crowdfunding: from n/a through 2.1.5.
AuthZ
WP Crowdfunding Plugin: Unauthorized Plugin Installation Vulnerability
CVE-2024-11911
4.3 - Medium
- December 13, 2024
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement.
AuthZ
Stored XSS Vulnerability in WP Crowdfunding Plugin
CVE-2024-11910
6.4 - Medium
- December 13, 2024
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
Missing Auth in Themeum WP Crowdfunding <=2.1.10 (Unconfigured ACL)
CVE-2024-43937
4.3 - Medium
- November 01, 2024
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Crowdfunding: from n/a through 2.1.10.
AuthZ
WP Crowdfunding 2.1.11: Stored XSS via wpcf_donate
CVE-2024-10117
6.4 - Medium
- October 26, 2024
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
WP Crowdfunding <2.1.10 Stored XSS via Unsanitized Settings
CVE-2023-6163
4.8 - Medium
- January 15, 2024
The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
XSS
WP Crowdfunding 2.1.9: Reflected XSS via Unsanitised Parameter
CVE-2023-6161
6.1 - Medium
- January 08, 2024
The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
XSS
WP Crowdfunding <=2.1.6 Stored XSS CVE-2023-50859
CVE-2023-50859
5.4 - Medium
- December 28, 2023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.6.
XSS
WP Crowdfunding <2.1.8: Stored XSS via unsanitized settings
CVE-2023-5757
4.8 - Medium
- December 11, 2023
The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
XSS
Unauth Reflected XSS in Themeum WP Crowdfunding <= 2.1.6
CVE-2023-47532
6.1 - Medium
- November 14, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions.
XSS