Browse all 6 CVE security advisories affecting MotoPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MotoPress is a WordPress plugin provider offering page builders and website management tools. Historically, vulnerabilities have included stored cross-site scripting (XSS), arbitrary file uploads leading to remote code execution (RCE), and privilege escalation flaws. Security researchers have identified multiple instances of insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the five CVEs on record highlight recurring patterns in sanitization and permission handling. The plugin's extensive functionality increases its attack surface, making regular security updates critical for users.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-39630 | WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulnerability — Timetable and Event ScheduleCWE-502 | 5.5 | Medium | 2024-08-01 |
| CVE-2022-2844 | MotoPress Timetable and Event Schedule Calendar cross site scripting — Timetable and Event ScheduleCWE-79 | 3.5 | Low | 2022-08-16 |
| CVE-2022-2843 | MotoPress Timetable and Event Schedule Quick Edit admin-ajax.php cross site scripting — Timetable and Event ScheduleCWE-79 | 3.5 | Low | 2022-08-16 |
This page lists every published CVE security advisory associated with MotoPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.