Browse all 4 CVE security advisories affecting FmeAddons. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FmeAddons develops WordPress plugins and themes, primarily for e-commerce and content management solutions. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. The company has accumulated four CVEs to date, with security researchers identifying flaws in their file upload mechanisms and nonce implementations. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Their plugins' widespread adoption increases potential impact, making regular security assessments essential for users.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-69052 | WordPress Registration & Login with Mobile Phone Number for WooCommerce plugin <= 1.3.1 - Broken Access Control vulnerability — Registration & Login with Mobile Phone Number for WooCommerceCWE-862 | 9.8 | Critical | 2026-01-22 |
| CVE-2025-10484 | Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - Authentication Bypass — Registration & Login with Mobile Phone Number for WooCommerceCWE-288 | 9.8 | Critical | 2026-01-17 |
| CVE-2025-10300 | TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update — TopBarCWE-352 | 4.3 | Medium | 2025-10-15 |
| CVE-2022-45070 | WordPress Conditional Checkout Fields for WooCommerce plugin <= 1.2.3 - Broken Authentication vulnerability — Conditional Checkout Fields for WooCommerceCWE-862 | 5.3 | Medium | 2024-05-17 |
This page lists every published CVE security advisory associated with FmeAddons. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.