Browse all 4 CVE security advisories affecting MojofyWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MojofyWP is a WordPress plugin designed to enhance user engagement through interactive features. Historically, it has been associated with multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper access controls. The plugin has accumulated four CVE records to date, highlighting ongoing security concerns. While no major public incidents have been widely documented, the consistent appearance of vulnerabilities in its history suggests potential risks for users who fail to maintain timely updates. Organizations should carefully evaluate security implications before deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-47232 | WordPress WP Affiliate Disclosure plugin <= 1.2.6 - Broken Access Control + CSRF vulnerability — WP Affiliate Disclosure | 4.3 | Medium | 2025-12-21 |
| CVE-2025-32180 | WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability — Product Carousel For WooCommerce – WoorouSellCWE-79 | 6.5 | Medium | 2025-05-16 |
| CVE-2025-22724 | WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability — Product Carousel For WooCommerce – WoorouSellCWE-79 | 6.5 | Medium | 2025-01-15 |
| CVE-2023-52178 | WordPress WP Affiliate Disclosure Plugin <= 1.2.7 is vulnerable to Cross-Site Scripting (XSS) — WP Affiliate DisclosureCWE-79 | 6.5 | Medium | 2024-01-05 |
This page lists every published CVE security advisory associated with MojofyWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.