ShapedPlugin — Vulnerabilities & Security Advisories (8)

Browse all 8 CVE security advisories affecting ShapedPlugin. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ShapedPlugin is a WordPress plugin designed to enhance website functionality through customizable shapes and interactive elements. Historically, it has been vulnerable to multiple security issues, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, with eight CVEs documented to date. These weaknesses often stem from insufficient input validation and improper access controls. The plugin's security posture has been compromised in incidents where attackers could execute arbitrary code or steal session cookies through unfiltered parameters. Despite its utility, ShapedPlugin's history of vulnerabilities has made it a target for exploitation, particularly in environments running outdated versions without proper hardening measures.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4665 | WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute — Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel (CWE-79) | 6.4 | Medium | 2026-05-05 |
| CVE-2026-3017 | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection — Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts (CWE-502) | 7.2 | High | 2026-04-14 |
| CVE-2025-12584 | Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure — Quick View for WooCommerce (CWE-200) | 5.3 | Medium | 2025-11-27 |
| CVE-2024-32801 | WordPress Widget Post Slider plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability — Widget Post Slider (CWE-79) | 5.9 | Medium | 2024-04-24 |
| CVE-2024-3020 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection — Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel (CWE-502) | 7.2 | High | 2024-04-10 |
| CVE-2024-2949 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode' — Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel (CWE-79) | 6.4 | Medium | 2024-04-06 |
| CVE-2024-1363 | Easy Accordion – Best Accordion FAQ Plugin for WordPress <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Easy Accordion – Responsive Accordion FAQ Builder and Product FAQ (CWE-79) | 6.4 | Medium | 2024-03-13 |
| CVE-2023-25065 | WordPress WP Tabs Plugin <= 2.1.14 is vulnerable to Cross Site Request Forgery (CSRF) — WP Tabs – Responsive Tabs Plugin for WordPress (CWE-352) | 5.4 | Medium | 2023-02-14 |

This page lists every published CVE security advisory associated with ShapedPlugin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.