CVE-2025-1508

by Fred · 12/03/2025

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site’s post content when WooCommerce is installed.

Assigner : cve-request@wordfence.com

More information : https://wordpress.org/plugins/wp-crowdfunding/

CVE-2025-1508

Similar

Recent Posts

Categories

CVE-2025-1508

Share this:

Similar

Recent Posts

Categories

Tags