CVE-2025-1508

Name of the Vulnerable Software and Affected Versions: WP Crowdfunding plugin for WordPress versions up to, and including, 2.1.13

Description: The issue is related to a missing capability check on the download data action. This allows authenticated attackers with subscriber-level access and above to download all of a site's post content when WooCommerce is installed.

Recommendations: For WP Crowdfunding plugin for WordPress versions up to, and including, 2.1.13, update to a version higher than 2.1.13 to resolve the issue. As a temporary workaround, consider restricting access to the download data action to prevent unauthorized data access.