KOHA
Company Details
Linkedin ID:
koha.life
Website:
Employees number:
6
Number of followers:
239
NAICS:
561499
Industry Type:
Homepage:
kohafundraising.com
IP Addresses:
0
Company ID:
KOH_1523093
Scan Status:
In-progress
KOHA Company CyberSecurity Posture
kohafundraising.com
KOHA was founded with the vision of strengthening communities by supporting local business. Our team witnessed first-hand that genuine partnership between local businesses and the people they serve is critical for communities to thrive and support small businesses sustainability. This led to our development a model that facilitates true reciprocity between businesses and their customers – a way to drive revenue for local businesses, while rewarding loyal customers and supporting community initiatives. KOHA is an app that helps support small businesses while giving back to local schools and nonprofit organizations. It promotes small businesses to school and nonprofit audiences and increases foot traffic and sales. In turn, small business owners give back a small percentage of every transaction completed through KOHA that goes back to the school or nonprofit that the customer chooses. No extra work for the owner, everything is automated on the app: snap a pic of your receipt and a donation is made to the organization the user chooses.
KOHA A.I CyberSecurity Scoring
KOHA Risk Score (AI oriented)Between 750 and 799
KOHA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
KOHA Global Score (TPRM)XXXX
KOHA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
KOHA Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
KOHA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for KOHA
Incidents vs Fundraising Industry Average (This Year)
No incidents recorded for KOHA in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for KOHA in 2025.
Incident Types KOHA vs Fundraising Industry Avg (This Year)
No incidents recorded for KOHA in 2025.
Incident History — KOHA (X = Date, Y = Severity)
KOHA cyber incidents detection timeline including parent company and subsidiaries
KOHA Company Subsidiaries
KOHA was founded with the vision of strengthening communities by supporting local business. Our team witnessed first-hand that genuine partnership between local businesses and the people they serve is critical for communities to thrive and support small businesses sustainability. This led to our development a model that facilitates true reciprocity between businesses and their customers – a way to drive revenue for local businesses, while rewarding loyal customers and supporting community initiatives. KOHA is an app that helps support small businesses while giving back to local schools and nonprofit organizations. It promotes small businesses to school and nonprofit audiences and increases foot traffic and sales. In turn, small business owners give back a small percentage of every transaction completed through KOHA that goes back to the school or nonprofit that the customer chooses. No extra work for the owner, everything is automated on the app: snap a pic of your receipt and a donation is made to the organization the user chooses.
Loading...
KOHA Similar Companies
Donately
Donately is a cause leader’s best friend. We love our customers because they are dedicated risk-takers, change makers, and problem-solvers. After building hundreds of websites, we understand that simplicity is the key to how causes tell their stories that people rally around. We saw that our client
Carmel High School Foundation
The Carmel High School Foundation is committed to supporting academic excellence and the educational pursuits of its student through grants, fundraising, and public campaigns. The Foundation raises its money through the generous support of the community and works to build strong, sustainable relatio
Hermitage Museum Foundation USA
The Hermitage Museum Foundation (USA) contributes to the preservation and promotion of the rich cultural heritage of the Hermitage Museum in St. Petersburg, Russia, its more than three million objects and the Museum’s historic buildings. The HMF raises funds for restoration and conservation projects
Produzioni dal Basso
Produzioni dal Basso è una delle prime piattaforme di crowdfunding nate in Europa, è una piattaforma storica ed è una della più grandi comunità italiane di autoproduzione on line. È una piattaforma reward/donation-based cioè predisposta sia per progetti che prevedano donazioni in cambio di ricomp
Oregon Zoo Foundation
The zoo provides comprehensive care for the animals. Donations from individuals and organizations elevate that care – giving the zoo’s veterinarians, keepers and wildlife experts the resources they need where they’re needed most. Every animal you’ll see at the zoo, and many of their wild counterpart
Framingham Public Library Foundation
The Foundationâs short-term goal is to raise funds to help offset the cost of building a new McAuliffe Branch Library. Its long-term goal is to create an endowment fund that will supplement, but not replace, funds received from the Town of Framingham. As the Foundation is a 501(c)(3) organization,
.png)
KOHA CyberSecurity News
November 13, 2025 07:19 PM
IPKO successfully closes the third edition of the Cyber Security Conference - Innovation, Partnership and Digital Sustainability in the spotlight
IPKO Telecommunications, in collaboration with Telekom Slovenije, successfully organized the Third Cybersecurity Conference,...
November 11, 2025 01:38 PM
IPKO and Whalebone join forces for advanced cyber protection in Kosovo
IPKO Telecommunications has signed a cooperation agreement with the international cybersecurity company Whalebone, bringing for the first...
July 18, 2025 07:00 AM
Specialized cyber security unit formed at the Ministry of Internal Affairs
A new specialized cybersecurity unit has been formed within the Ministry of Internal Affairs. It will be responsible for the protection and.
July 17, 2025 07:00 AM
Telekom will invest 2028 million euros in digital infrastructure by 40
The Minister of Digital Transformation, Stefan Andonovski, and the CEO of Telecom Macedonia, Goran Markovic, signed the Memorandum of...
May 08, 2025 07:00 AM
IPKO and RTV21 bring the third season of "Cyber Zone"
This series tackles critical topics of cybersecurity and the impact of technology on our daily lives, bringing true stories, tangible risks, and practical...
April 12, 2025 07:00 AM
Experts warn of continued cyberattacks from Serbia and Russia
Cybersecurity experts have said that these attacks originated in Serbia and Russia and that the goal was to block access to websites by overloading them with...
April 10, 2025 07:00 AM
"Trainkos" says it is facing external cyber attacks
The public enterprise Kosovo Railways "Trainkos" announced on Thursday that its official website is facing successive external cyber attacks.
March 26, 2025 07:00 AM
Cybersecurity, Elshani: Kosovo must increase capacities in the field of defense
Driart Elshani, a cybersecurity expert, said that there is a need for the defense sector in Kosovo to increase its capacities in terms of cybersecurity.
February 11, 2025 08:00 AM
Cybersecurity experts highlight shortcomings on the CEC website
This is a major risk to the security of systems and users at the national level. This situation requires urgent measures to prevent the spread...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
KOHA CyberSecurity History Information
Official Website of KOHA
The official website of KOHA is https://www.kohafundraising.com.
KOHA’s AI-Generated Cybersecurity Score
According to Rankiteo, KOHA’s AI-generated cybersecurity score is 757, reflecting their Fair security posture.
How many security badges does KOHA’ have ?
According to Rankiteo, KOHA currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does KOHA have SOC 2 Type 1 certification ?
According to Rankiteo, KOHA is not certified under SOC 2 Type 1.
Does KOHA have SOC 2 Type 2 certification ?
According to Rankiteo, KOHA does not hold a SOC 2 Type 2 certification.
Does KOHA comply with GDPR ?
According to Rankiteo, KOHA is not listed as GDPR compliant.
Does KOHA have PCI DSS certification ?
According to Rankiteo, KOHA does not currently maintain PCI DSS compliance.
Does KOHA comply with HIPAA ?
According to Rankiteo, KOHA is not compliant with HIPAA regulations.
Does KOHA have ISO 27001 certification ?
According to Rankiteo,KOHA is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of KOHA
KOHA operates primarily in the Fundraising industry.
Number of Employees at KOHA
KOHA employs approximately 6 people worldwide.
Subsidiaries Owned by KOHA
KOHA presently has no subsidiaries across any sectors.
KOHA’s LinkedIn Followers
KOHA’s official LinkedIn profile has approximately 239 followers.
NAICS Classification of KOHA
KOHA is classified under the NAICS code 561499, which corresponds to All Other Business Support Services.
KOHA’s Presence on Crunchbase
No, KOHA does not have a profile on Crunchbase.
KOHA’s Presence on LinkedIn
Yes, KOHA maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/koha.life.
Cybersecurity Incidents Involving KOHA
As of December 21, 2025, Rankiteo reports that KOHA has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
KOHA has an estimated 1,146 peer or competitor companies worldwide.
KOHA CyberSecurity History Information
How many cyber incidents has KOHA faced ?
Total Incidents: According to Rankiteo, KOHA has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at KOHA ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating the requesting user. Due to improper privilege handling and a time-of-check time-of-use race condition combined with symbolic link and mount point manipulation, a local authenticated attacker can coerce the service into deleting arbitrary directories with SYSTEM privileges. This can be exploited to delete protected system folders such as C:\\Config.msi and subsequently achieve execution as NT AUTHORITY\\SYSTEM via MSI rollback techniques.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject cross-site scripting into the 'status' parameter of applied jobs for any user.
Risk Information
cvss3
Base: 7.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Description
The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires TheGem theme (premium) to be installed with Header Builder mode enabled, and the FiboSearch "Replace search bars" option enabled for TheGem integration.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L104
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L94
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3420841%40ajax-search-for-woocommerce%2Ftrunk&old=3398612%40ajax-search-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=#file136
- https://wordpress.org/plugins/ajax-search-for-woocommerce
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8149103e-105d-401d-8a15-b07d131baaac?source=cve
Description
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a predictable low-entropy token (5 hex characters derived from md5 of post ID) to identify member directories and insufficient authorization checks on the unauthenticated AJAX endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs by enumerating predictable directory_id values or brute-forcing the small 16^5 token space.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/class-functions.php#L41
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-ajax-common.php#L61
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L205
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L2795
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/templates/members.php#L26
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3421362%40ultimate-member%2Ftrunk&old=3408617%40ultimate-member%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/61337d2d-d15a-45f2-b730-fc034eb3cd31?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=koha.life' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
