Browse all 4 CVE security advisories affecting HM Plugin. AI-powered Chinese analysis, POCs, and references for each vulnerability.
HM Plugin is a WordPress extension designed to enhance website functionality through customizable features and integrations. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, with four CVEs currently documented. The plugin's security posture has been compromised due to insufficient input validation and improper access controls, allowing attackers to execute unauthorized commands or compromise user accounts. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations, emphasizing the need for regular updates and security hardening measures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-48288 | WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.1 is vulnerable to Sensitive Data Exposure — WordPress Job Board and Recruitment Plugin – JobWPCWE-200 | 7.5 | High | 2023-12-21 |
| CVE-2023-29384 | WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.0 is vulnerable to Arbitrary File Upload — WordPress Job Board and Recruitment Plugin – JobWPCWE-434 | 10.0 | Critical | 2023-12-20 |
| CVE-2023-23705 | WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF) — WordPress Books GalleryCWE-352 | 4.3 | Medium | 2023-05-23 |
| CVE-2022-47422 | WordPress WordPress Stripe Donation and Payment Plugin Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) — Accept Stripe Donation – AidWPCWE-352 | 4.3 | Medium | 2023-03-14 |
This page lists every published CVE security advisory associated with HM Plugin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.