FantasticPlugins — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting FantasticPlugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FantasticPlugins develops WordPress plugins for enhancing website functionality, with a history of security vulnerabilities including remote code execution, cross-site scripting, and privilege escalation. Their plugins have accumulated 9 CVEs, often stemming from insufficient input validation and improper access controls. Notable incidents include multiple vulnerabilities allowing attackers to execute arbitrary code or steal sensitive data due to inadequate sanitization of user inputs. The company has faced criticism for slow patch responses and inconsistent security practices, leading to widespread exploitation in vulnerable instances. Their plugins remain popular despite recurring security issues, with many installations remaining unpatched long after fixes are released.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24989 | WordPress SUMO Affiliates Pro plugin < 11.4.0 - PHP Object Injection vulnerability — SUMO Affiliates Pro (CWE-502) | 9.8 | Critical | 2026-03-25 |
| CVE-2025-64222 | WordPress WooCommerce Recover Abandoned Cart plugin <= 24.6.0 - Arbitrary Content Deletion vulnerability — WooCommerce Recover Abandoned Cart (CWE-862) | 7.5 | High | 2025-12-18 |
| CVE-2025-64228 | WordPress SUMO Affiliates Pro plugin <= 11.0.0 - Sensitive Data Exposure vulnerability — SUMO Affiliates Pro (CWE-497) | 4.3 | Medium | 2025-10-29 |
| CVE-2025-62005 | WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerability — SUMO Memberships for WooCommerce (CWE-352) | 7.1 | High | 2025-10-22 |
| CVE-2025-60222 | WordPress SUMO Memberships for WooCommerce plugin <= 7.8.0 - Privilege Escalation vulnerability — SUMO Memberships for WooCommerce (CWE-266) | 8.8 | High | 2025-10-22 |
| CVE-2025-52757 | WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Arbitrary Content Deletion vulnerability — SUMO Memberships for WooCommerce (CWE-862) | 6.5 | Medium | 2025-10-22 |
| CVE-2025-32291 | WordPress SUMO Affiliates Pro plugin < 11.1.0 - Arbitrary File Upload vulnerability — SUMO Affiliates Pro (CWE-434) | 10.0 | Critical | 2025-06-09 |
| CVE-2025-32925 | WordPress SUMO Reward Points plugin <= 30.7.0 - Local File Inclusion vulnerability — SUMO Reward Points (CWE-98) | 8.3 | High | 2025-05-19 |
| CVE-2025-0956 | WooCommerce Recover Abandoned Cart <= 24.4.0 - Unauthenticated PHP Object Injection — WooCommerce Recover Abandoned Cart (CWE-502) | 8.1 | High | 2025-03-05 |

This page lists every published CVE security advisory associated with FantasticPlugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.