Browse all 4 CVE security advisories affecting FmeAddons. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FmeAddons develops WordPress plugins and themes, primarily for e-commerce and content management solutions. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. The company has accumulated four CVEs to date, with security researchers identifying flaws in their file upload mechanisms and nonce implementations. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Their plugins' widespread adoption increases potential impact, making regular security assessments essential for users.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-10300 | TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update — TopBarCWE-352 | 4.3 | Medium | 2025-10-15 |
This page lists every published CVE security advisory associated with FmeAddons. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.