CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43937 – WordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2024-43937
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10. The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addon_enable_disable() function in all versions up to, and including, 2.1.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable/disable addons. • https://patchstack.com/database/vulnerability/wp-crowdfunding/wordpress-wp-crowdfunding-plugin-2-1-10-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41870 – WP Crowdfunding <= 2.1.4 - Missing Authorization via settings_reset
https://notcve.org/view.php?id=CVE-2023-41870
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized settings reset due to a missing capability check on the settings_reset function in versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset plugin settings. • CWE-862: Missing Authorization •