Browse all 9 CVE security advisories affecting Kraftplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kraftplugins develops WordPress plugins primarily for e-commerce and marketing functionality, with 9 CVEs recorded to date. Historically, their plugins have frequently contained stored cross-site scripting (XSS) vulnerabilities and remote code execution (RCE) flaws, often due to insufficient input sanitization and improper file handling. Several critical issues allowed attackers to execute arbitrary code or escalate privileges through insecure direct object references. While no major public security incidents have been documented, their vulnerability history suggests consistent problems with access controls and data validation, requiring users to maintain strict versioning and apply patches promptly to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-8200 | Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget — Mega Elements – Addons for ElementorCWE-79 | 6.4 | Medium | 2025-09-26 |
| CVE-2024-4702 | Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget — Mega Elements – Addons for ElementorCWE-79 | 6.4 | Medium | 2024-05-15 |
This page lists every published CVE security advisory associated with Kraftplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.