Browse all 5 CVE security advisories affecting Kraft Plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kraft Plugins develops WordPress extensions to enhance site functionality, with five CVEs recorded to date. Historically, vulnerabilities have included stored cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input validation and improper capability checks. Notable security characteristics include inconsistent sanitization practices and occasional privilege escalation flaws. While no major public incidents have been documented, the vendor's history of vulnerabilities suggests a need for improved security protocols, particularly in handling user-supplied data and access controls. Developers should prioritize updates and implement additional hardening measures to mitigate risks associated with these recurring issues.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25000 | WordPress Wheel of Life plugin <= 1.2.0 - Broken Access Control vulnerability — Wheel of Life (CWE-862) | 5.3 | Medium | 2026-02-19 |
| CVE-2025-69091 | WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability — Demo Importer Plus (CWE-862) | 4.3 | Medium | 2025-12-30 |
| CVE-2024-47311 | WordPress Wheel of Life plugin <= 1.1.8 - Broken Access Control vulnerability — Wheel of Life (CWE-862) | 5.3 | Medium | 2024-11-01 |
| CVE-2024-49693 | WordPress Mega Elements – Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability — Mega Elements (CWE-79) | 6.5 | Medium | 2024-10-24 |
| CVE-2024-47343 | WordPress Mega Elements – Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability — Mega Elements (CWE-79) | 6.5 | Medium | 2024-10-06 |

This page lists every published CVE security advisory associated with Kraft Plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.