Browse all 3 CVE security advisories affecting 100plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
100plugins is a WordPress plugin marketplace offering third-party extensions to enhance website functionality. Historically, the platform has been associated with multiple critical vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and access controls. With three CVEs documented, these issues have potentially exposed thousands of websites to unauthorized access and data breaches. The plugin ecosystem's security posture has been compromised by inconsistent code reviews and delayed patch cycles, leaving administrators vulnerable to exploitation. While no major public incidents have been widely reported, the recurring nature of these vulnerabilities highlights systemic risks in third-party plugin management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68002 | WordPress Open User Map plugin <= 1.4.16 - Arbitrary File Download vulnerability — Open User Map, CWE-22 | 6.5 | Medium | 2026-02-20 |
| CVE-2025-57953 | WordPress Open User Map Plugin <= 1.4.14 - Cross Site Scripting (XSS) Vulnerability — Open User Map, CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2023-45056 | WordPress Open User Map \| Everybody can add locations Plugin <= 1.3.26 is vulnerable to Cross Site Scripting (XSS) — Open User Map, CWE-79 | 5.9 | Medium | 2023-10-18 |
This page lists every published CVE security advisory associated with 100plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.