Browse all 5 CVE security advisories affecting PluginsPoint. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PluginsPoint is a marketplace for WordPress plugins and themes, providing third-party extensions to enhance website functionality. Historically, it has been associated with multiple remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from insufficient input validation and insecure deserialization. The platform has also documented privilege escalation flaws, allowing unauthorized access to administrative functions. With five CVEs on record, security researchers have noted that some plugins approved by PluginsPoint contained backdoors or obfuscated malicious code, though no major public incidents have been widely reported. The platform's open submission model has occasionally led to security gaps, requiring ongoing scrutiny of submitted extensions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-30559 | WordPress Kento WordPress Stats plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability — Kento WordPress StatsCWE-79 | 7.1 | High | 2025-04-01 |
This page lists every published CVE security advisory associated with PluginsPoint. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.