Browse all 5 CVE security advisories affecting Arrow Plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Arrow Plugins develops WordPress security plugins focused on access control and malware protection. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper privilege management. Five CVEs have been recorded, with critical issues allowing authenticated attackers to execute arbitrary code or bypass security restrictions. While no major public incidents have been documented, the consistent pattern of vulnerabilities in their access control mechanisms suggests potential risks for organizations relying on these plugins for security hardening.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31897 | WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability — Arrow Custom Feed for Twitter (CWE-79) | 6.5 | Medium | 2025-04-01 |
| CVE-2025-28858 | WordPress Arrow Maps plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability — Arrow Maps (CWE-79) | 7.1 | High | 2025-03-26 |
| CVE-2023-46077 | WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS) — The Awesome Feed – Custom Feed (CWE-79) | 7.1 | High | 2023-10-26 |
| CVE-2023-45003 | WordPress Social Feed Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) — Social Feed \| Custom Feed for Social Media Networks (CWE-79) | 7.1 | High | 2023-10-17 |
| CVE-2023-44264 | WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS) — The Awesome Feed – Custom Feed (CWE-79) | 6.5 | Medium | 2023-10-02 |
This page lists every published CVE security advisory associated with Arrow Plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.