Spiffy Plugins — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting Spiffy Plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Spiffy Plugins develops WordPress extensions for enhancing website functionality with themes and optimization tools. Historically, the plugin has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, contributing to its 15 CVE count. Security researchers have frequently identified insufficient input validation and improper access control as recurring issues. In 2022, a critical RCE vulnerability allowed attackers to execute arbitrary code on affected sites, leading to widespread exploitation. The plugin's codebase often lacks consistent security practices, making it a frequent target in vulnerability disclosure reports.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68523 | WordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerability | Spiffy Calendar | CWE-862 | 4.3 | Medium | 2025-12-24 |
| CVE-2025-58625 | WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability | WP Flow Plus | CWE-79 | 5.9 | Medium | 2025-09-03 |
| CVE-2024-49695 | WordPress WP Flow Plus plugin <= 5.2.3 - Cross Site Scripting (XSS) vulnerability | WP Flow Plus | CWE-79 | 6.5 | Medium | 2024-10-24 |
| CVE-2024-43969 | WordPress Spiffy Calendar plugin <= 4.9.12 - SQL Injection vulnerability | Spiffy Calendar | CWE-89 | 7.6 | High | 2024-09-17 |
| CVE-2024-45457 | WordPress Spiffy Calendar plugin <= 4.9.13 - Cross Site Scripting (XSS) vulnerability | Spiffy Calendar | CWE-79 | 6.5 | Medium | 2024-09-15 |
| CVE-2024-45458 | WordPress Spiffy Calendar plugin <= 4.9.13 - Reflected Cross Site Scripting (XSS) vulnerability | Spiffy Calendar | CWE-79 | 7.1 | High | 2024-09-15 |
| CVE-2024-38692 | WordPress spiffy-calendar plugin <= 4.9.11 - SQL Injection vulnerability | Spiffy Calendar | CWE-89 | 7.6 | High | 2024-07-22 |
| CVE-2024-30528 | WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability | Spiffy Calendar | CWE-862 | 5.4 | Medium | 2024-06-04 |
| CVE-2024-35651 | WordPress WP Flow Plus plugin <= 5.2.2 - Cross Site Scripting (XSS) vulnerability | WP Flow Plus | CWE-79 | 6.5 | Medium | 2024-06-04 |
| CVE-2024-30427 | WordPress Spiffy Calendar plugin <= 4.9.7 - Cross Site Scripting (XSS) vulnerability | Spiffy Calendar | CWE-79 | 5.4 | Medium | 2024-03-29 |
| CVE-2023-49745 | WordPress Spiffy Calendar Plugin <= 4.9.5 is vulnerable to Cross Site Scripting (XSS) | Spiffy Calendar | CWE-79 | 6.5 | Medium | 2023-12-14 |
| CVE-2022-46859 | WordPress Spiffy Calendar Plugin <= 4.9.1 is vulnerable to SQL Injection | Spiffy Calendar | CWE-89 | 8.5 | High | 2023-11-03 |
| CVE-2023-32122 | WordPress Spiffy Calendar Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS) | Spiffy Calendar | CWE-79 | 5.8 | Medium | 2023-08-18 |
| CVE-2022-29434 | WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability | Spiffy Calendar | | 6.3 | Medium | 2022-05-20 |
| CVE-2022-25599 | WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability | Spiffy Calendar (WordPress plugin) | CWE-352 | 5.4 | Medium | 2022-02-21 |

This page lists every published CVE security advisory associated with Spiffy Plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.