Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Magazine3 — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting Magazine3. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Magazine3 is a WordPress theme designed for online publications and magazines, focusing on content display and monetization. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The theme's 19 recorded CVEs highlight consistent security flaws, often stemming from insufficient input validation and improper access controls. Notable incidents include multiple RCE vulnerabilities that allowed attackers to execute arbitrary code on affected sites, as well as XSS issues enabling malicious script injection. These vulnerabilities typically stem from the theme's extensive use of shortcodes and inadequate sanitization of user inputs, posing significant risks to website integrity and data security.

Top products by Magazine3: Schema & Structured Data for WP & AMP Easy Table of Contents PWA for WP – Progressive Web Apps Made Simple Core Web Vitals & PageSpeed Booster PWA for WP & AMP Google Adsense & Banner Ads by AdsforWP Web Stories Enhancer – Level Up Your Web Stories WP Multilang
CVE IDTitleCVSSSeverityPublished
CVE-2026-32343 WordPress Easy Table of Contents plugin <= 2.0.80 - Cross Site Request Forgery (CSRF) vulnerability — Easy Table of ContentsCWE-352 4.3 Medium2026-03-13
CVE-2025-13738 Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting — Easy Table of ContentsCWE-79 6.4 Medium2026-02-19
CVE-2025-14069 Schema & Structured Data for WP & AMP <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema — Schema & Structured Data for WP & AMPCWE-79 6.4 Medium2026-01-23
CVE-2025-11502 Schema & Structured Data for WP & AMP <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting — Schema & Structured Data for WP & AMPCWE-79 6.4 Medium2025-11-01
CVE-2025-49307 WordPress WP Multilang plugin <= 2.4.19 - Local File Inclusion Vulnerability — WP MultilangCWE-98 7.5 High2025-06-06
CVE-2024-13575 Web Stories Enhancer – Level Up Your Web Stories <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Web Stories Enhancer – Level Up Your Web StoriesCWE-79 6.4 Medium2025-02-18
CVE-2024-38751 WordPress AdsforWP plugin <= 1.9.28 - Cross Site Request Forgery (CSRF) vulnerability — Google Adsense & Banner Ads by AdsforWPCWE-352 4.3 Medium2025-01-02
CVE-2023-25469 WordPress Easy Table of Contents plugin <= 2.0.45.2 - Broken Access Control vulnerability — Easy Table of ContentsCWE-862 5.4 Medium2024-12-09
CVE-2024-47318 WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability — PWA for WP & AMPCWE-862 4.3 Medium2024-11-01
CVE-2024-49683 WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerability — Schema & Structured Data for WP & AMPCWE-862 5.3 Medium2024-10-24
CVE-2024-5582 Schema & Structured Data for WP & AMP <= 1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute — Schema & Structured Data for WP & AMPCWE-79 6.4 Medium2024-07-17
CVE-2024-3491 Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks — Schema & Structured Data for WP & AMPCWE-79 6.4 Medium2024-04-23
CVE-2024-1288 Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification — Schema & Structured Data for WP & AMPCWE-284 4.3 Medium2024-02-20
CVE-2024-1586 Schema & Structured Data for WP & AMP <= 1.26 - Authenticated (Custom) Stored Cross-Site Scripting — Schema & Structured Data for WP & AMPCWE-79 6.4 Medium2024-02-20
CVE-2023-51677 WordPress Schema & Structured Data for WP & AMP Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS) — Schema & Structured Data for WP & AMPCWE-79 6.5 Medium2024-02-01
CVE-2024-22146 WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS) — Schema & Structured Data for WP & AMPCWE-79 6.5 Medium2024-01-31
CVE-2023-35883 WordPress Core Web Vitals & PageSpeed Booster Plugin <= 1.0.12 is vulnerable to Open Redirection — Core Web Vitals & PageSpeed BoosterCWE-601 4.7 Medium2023-12-19
CVE-2021-4366 PWA for WP & AMP < = 1.7.32 - Missing Authorization — PWA for WP – Progressive Web Apps Made SimpleCWE-862 6.3 Medium2023-06-07
CVE-2021-4354 PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload — PWA for WP – Progressive Web Apps Made SimpleCWE-434 8.8 High2023-06-07

This page lists every published CVE security advisory associated with Magazine3. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.