Browse all 6 CVE security advisories affecting Essential Plugin. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Essential Plugin serves as a widely used WordPress extension for enhancing site functionality with customizable features and integrations. Historically, it has been susceptible to multiple remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from insufficient input validation and improper access controls. Privilege escalation issues have also been documented, allowing unauthorized users to gain elevated permissions. The plugin's six recorded CVEs highlight recurring security flaws in its authentication mechanisms and data handling processes. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests a need for rigorous security updates and careful implementation by users handling sensitive data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-46845 | WordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerability — Slider a SlidersPackCWE-862 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-67470 | WordPress Portfolio and Projects plugin <= 1.5.5 - Sensitive Data Exposure vulnerability — Portfolio and ProjectsCWE-497 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-66106 | WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability — Featured Post CreativeCWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-32152 | WordPress Slider a SlidersPack Plugin <= 2.3 - Local File Inclusion vulnerability — Slider a SlidersPackCWE-98 | 7.5 | High | 2025-04-04 |
| CVE-2025-22305 | WordPress Hero Banner Ultimate plugin <= 1.4.4 - Local File Inclusion vulnerability — Hero Banner UltimateCWE-98 | 6.5 | Medium | 2025-01-07 |
| CVE-2024-47307 | WordPress Meta Slider and Carousel with Lightbox plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability — Meta slider and carousel with lightboxCWE-79 | 6.5 | Medium | 2024-10-06 |
This page lists every published CVE security advisory associated with Essential Plugin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.