Browse all 4 CVE security advisories affecting SolidWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SolidWP provides WordPress management solutions through its suite of plugins and services, focusing on site optimization and security. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access control flaws. The company maintains a moderate security posture with four CVEs on record, primarily affecting its older products. While no major public security incidents have been documented, the presence of RCE vulnerabilities in previous versions highlights the importance of timely updates. SolidWP's security approach emphasizes regular patch releases and follows responsible disclosure practices to address potential risks in their ecosystem.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-1123 | Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email | Solid Mail – SMTP email and logging made by SolidWP | CWE-79 | 7.2 | High | 2025-05-23 |
| CVE-2023-40001 | WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability | iThemes Sync | CWE-862 | 4.3 | Medium | 2024-12-13 |
| CVE-2022-44593 | WordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerability | Solid Security | CWE-348 | 3.7 | Low | 2024-06-21 |
| CVE-2023-28786 | WordPress Solid Security Plugin <= 8.1.4 is vulnerable to Open Redirection | Solid Security – Password, Two Factor Authentication, and Brute Force Protection | CWE-601 | 3.7 | Low | 2023-12-29 |
This page lists every published CVE security advisory associated with SolidWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.