2025-03-12 03:21:27
Wordfence
PUBLISHED
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a sites post content when WooCommerce is installed.