A WP Life — Vulnerabilities & Security Advisories (19)

Browse all 19 CVE security advisories affecting A WP Life. AI-powered Chinese analysis, POCs, and references for each vulnerability.

A WP Life is a WordPress theme provider offering website templates for personal blogs and small business sites. Historically, the themes have been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation, with 19 CVEs recorded. Common vulnerabilities stem from insufficient input validation and improper access controls. Notable security characteristics include regular vulnerabilities in theme options and custom post types, with some instances allowing complete site compromise. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39517 | WordPress Blog Filter plugin <= 1.7.6 - Cross Site Scripting (XSS) vulnerability | Blog Filter | CWE-79 | 6.5 | Medium | 2026-04-08 |
| CVE-2026-22346 | WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 - PHP Object Injection vulnerability | Slider Responsive Slideshow – Image slider, Gallery slideshow | CWE-502 | 8.8 | High | 2026-02-20 |
| CVE-2026-22345 | WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability | Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery | CWE-502 | 8.8 | High | 2026-02-20 |
| CVE-2025-68526 | WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability | Modal Popup Box | CWE-502 | 8.8 | High | 2026-02-20 |
| CVE-2025-62134 | WordPress Contact Form Widget plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) vulnerability | Contact Form Widget | CWE-352 | 5.4 | Medium | 2025-12-31 |
| CVE-2025-69033 | WordPress Blog Filter plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability | Blog Filter | CWE-79 | 6.5 | Medium | 2025-12-30 |
| CVE-2025-49902 | WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability | Login Page Customizer – Customizer Login Page, Admin Page, Custom Design | CWE-862 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-47491 | WordPress Contact Form Widget plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) Vulnerability | Contact Form Widget | CWE-352 | 7.4 | High | 2025-05-07 |
| CVE-2025-39548 | WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability | Right Click Disable OR Ban | CWE-352 | 7.1 | High | 2025-04-16 |
| CVE-2024-48037 | WordPress Contact Form Widget plugin <= 1.4.2 - CSRF vulnerability | Contact Form Widget | CWE-352 | 5.4 | Medium | 2024-10-17 |
| CVE-2024-5059 | WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability | Event Management Tickets Booking | CWE-200 | 5.3 | Medium | 2024-06-21 |
| CVE-2024-35717 | WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability | Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow | CWE-862 | 4.3 | Medium | 2024-06-10 |
| CVE-2024-35720 | WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability | Album Gallery – WordPress Gallery | CWE-862 | 4.3 | Medium | 2024-06-10 |
| CVE-2024-35721 | WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability | Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery | CWE-862 | 4.3 | Medium | 2024-06-10 |
| CVE-2024-35722 | WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability | Slider Responsive Slideshow – Image slider, Gallery slideshow | CWE-862 | 4.3 | Medium | 2024-06-10 |
| CVE-2024-34754 | WordPress Contact Form Widget plugin <= 1.3.9 - Sensitive Data Exposure vulnerability | Contact Form Widget | CWE-200 | 5.3 | Medium | 2024-06-03 |
| CVE-2024-34377 | WordPress Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin <= 1.5.3 - Broken Access Control vulnerability | Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery | CWE-862 | 4.3 | Medium | 2024-05-06 |
| CVE-2023-47525 | WordPress Event Management Tickets Booking Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) | Event Monster – Event Management, Tickets Booking, Upcoming Event | CWE-79 | 5.9 | Medium | 2023-12-21 |
| CVE-2023-23646 | WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF) | Album Gallery – WordPress Gallery | CWE-352 | 4.3 | Medium | 2023-07-17 |

This page lists every published CVE security advisory associated with A WP Life. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.