StaxWP — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting StaxWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Staxwp is a WordPress plugin primarily used for creating and managing subscription-based content websites. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin's complex functionality involving user management and content access controls has frequently led to authentication bypass flaws and insufficient input sanitization. While no major public security incidents have been widely documented, the consistent presence of multiple CVEs in its history indicates ongoing security challenges that require careful configuration and prompt updates by site administrators using this subscription content management solution.

Top products by StaxWP: Stax Addons for Elementor Visibility Logic for Elementor Elementor Addons, Widgets and Enhancements – Stax BuddyPress Builder for Elementor – BuddyBuilder

CVEs 6

CVE ID	Title	CVSS	Severity	Published
CVE-2024-10778	BuddyPress Builder for Elementor – BuddyBuilder <= 1.7.4 - Authenticated (Contributor+) Post Disclosure — BuddyPress Builder for Elementor – BuddyBuilderCWE-639	4.3	Medium	2024-11-13
CVE-2024-37541	WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability — Elementor Addons, Widgets and Enhancements – StaxCWE-79	6.5	Medium	2024-07-06
CVE-2024-3064	Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Stax Addons for ElementorCWE-79	6.4	Medium	2024-04-09
CVE-2022-47169	WordPress Visibility Logic for Elementor Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) — Visibility Logic for ElementorCWE-352	4.3	Medium	2023-07-18
CVE-2023-1807	Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget — Stax Addons for ElementorCWE-352	4.3	Medium	2023-06-09
CVE-2023-2189	Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget — Stax Addons for ElementorCWE-862	4.3	Medium	2023-06-09

This page lists every published CVE security advisory associated with StaxWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

StaxWP — Vulnerabilities & Security Advisories 6