Fundengine – Donation And Crowdfunding Platform
Approved changes feed: RSS · Atom
cpe:2.3:a:roxnor:fundengine_–_donation_and_crowdfunding_platform:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Roxnor (30f963bc-c503-5cb4-ba58-0f6bd7aae986) |
|---|---|
| Product | Fundengine – Donation And Crowdfunding Platform (73c8aee4-6f50-5d8a-8b63-d9ece609f248) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-6698 |
vulnerable | 2026-06-03 14:58:03.896044 |
FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation
HIGH (8.8)
The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access.
Published: 2024-08-01T03:29:58.918Z
Updated: 2026-04-08T16:44:31.024Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.