Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Fullworks — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting Fullworks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Fullworks develops WordPress management and automation tools for small businesses, with 16 CVEs recorded primarily involving stored cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities in its plugin integrations. Historically, common weaknesses include insufficient input validation and improper access controls leading to privilege escalation. Notable security characteristics include frequent updates addressing authentication bypass flaws, though no major public incidents have been documented. The company's plugins often interact with multiple WordPress components, creating complex attack surfaces where SQL injection and file inclusion vulnerabilities have periodically emerged, requiring prompt patching by users.

Top products by Fullworks: Quick Paypal Payments Quick Event Manager Quick Contact Form Display Eventbrite Events Meet My Team (WordPress plugin) Simple Shortcode for Google Maps
CVE IDTitleCVSSSeverityPublished
CVE-2026-39535 WordPress Display Eventbrite Events plugin <= 6.5.6 - Broken Access Control vulnerability — Display Eventbrite EventsCWE-862 5.3 Medium2026-04-08
CVE-2025-27003 WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability — Quick Paypal PaymentsCWE-352 4.3 Medium2025-09-05
CVE-2025-47510 WordPress Display Eventbrite Events plugin < 6.3 - Local File Inclusion Vulnerability — Display Eventbrite EventsCWE-98 7.5 High2025-05-07
CVE-2023-23975 WordPress Quick Event Manager plugin <= 9.7.4 - Broken Access Control vulnerability — Quick Event ManagerCWE-862 5.3 Medium2024-12-09
CVE-2023-25035 WordPress Quick Contact Form plugin <= 8.0.3.1 - Broken Access Control vulnerability — Quick Contact FormCWE-862 6.5 Medium2024-12-09
CVE-2023-25714 WordPress Quick Paypal Payments plugin <= 5.7.25 - Broken Access Control vulnerability — Quick Paypal PaymentsCWE-862 7.5 High2024-12-09
CVE-2024-10621 Simple Shortcode for Google Maps <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Simple Shortcode for Google MapsCWE-80 6.4 Medium2024-11-08
CVE-2023-23889 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS) — Quick Paypal PaymentsCWE-79 6.5 Medium2023-04-25
CVE-2022-47608 WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS) — Quick Contact FormCWE-79 5.9 Medium2023-04-25
CVE-2023-25713 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS) — Quick Paypal PaymentsCWE-79 7.1 High2023-04-07
CVE-2023-25702 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS) — Quick Paypal PaymentsCWE-79 5.9 Medium2023-04-07
CVE-2023-23885 WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS) — Quick Contact FormCWE-79 6.5 Medium2023-04-07
CVE-2023-23979 WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS) — Quick Event ManagerCWE-79 7.1 High2023-04-06
CVE-2022-46863 WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS) — Quick Event ManagerCWE-79 5.9 Medium2023-03-28
CVE-2023-23974 WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF) — Quick Event ManagerCWE-352 5.4 Medium2023-03-01
CVE-2022-37339 WordPress Meet My Team plugin <= 2.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — Meet My Team (WordPress plugin)CWE-79 4.1 Medium2022-09-23

This page lists every published CVE security advisory associated with Fullworks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.