Browse all 5 CVE security advisories affecting SecuPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Secupress is a WordPress security plugin focused on protecting websites from common vulnerabilities. Historically, the plugin has been associated with several security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These flaws have allowed attackers to compromise websites, manipulate content, and gain unauthorized access. The plugin has recorded five CVEs, highlighting ongoing security challenges. While it provides essential security features for WordPress sites, its vulnerability history suggests users should maintain regular updates and implement additional security layers to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-3452 | SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation — SecuPress with Simple SSL – Simple and Performant SecurityCWE-862 | 4.3 | Medium | 2025-04-29 |
| CVE-2024-9019 | SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode — SecuPress with Simple SSL – Simple and Performant SecurityCWE-79 | 6.4 | Medium | 2025-02-28 |
| CVE-2024-1504 | SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address — SecuPress with Simple SSL – Simple and Performant SecurityCWE-352 | 4.3 | Medium | 2024-04-02 |
This page lists every published CVE security advisory associated with SecuPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.