Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

StellarWP — Vulnerabilities & Security Advisories 115

Browse all 115 CVE security advisories affecting StellarWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

StellarWP primarily develops and maintains premium WordPress plugins, including the popular MemberPress platform for membership management and subscription billing. Historically, its software has been associated with a significant volume of Common Vulnerabilities and Exposures, totaling 115 recorded instances. These security issues predominantly involve cross-site scripting (XSS), SQL injection, and arbitrary file upload flaws, often stemming from insufficient input validation and weak access controls within plugin code. While the company generally responds to disclosed vulnerabilities, the high frequency of patches indicates persistent challenges in secure coding practices. Notable incidents include multiple remote code execution (RCE) vectors that allowed attackers to compromise WordPress installations without authentication. The sheer number of CVEs suggests that while the products are widely used, their security posture has frequently lagged behind industry standards, requiring users to prioritize timely updates and rigorous security auditing to mitigate risks associated with these historically common vulnerability classes.

Found 27 results / 115Clear Filters
Top products by StellarWP: GiveWP – Donation Plugin and Fundraising Platform Kadence Blocks — Page Builder Toolkit for Gutenberg Editor The Events Calendar GiveWP Membership Plugin – Restrict Content LearnDash LMS Event Tickets and Registration Gutenberg Blocks by Kadence Blocks WPComplete Kadence WooCommerce Email Designer Event Tickets Bookit — Booking & Appointment Calendar Restrict Content LearnDash LMS – Reports Give – Divi Donation Modules Virtue iThemes Sync Image Widget
CVE IDTitleCVSSSeverityPublished
CVE-2025-13206 GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 7.2 High2025-11-19
CVE-2025-11228 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 5.3 Medium2025-10-04
CVE-2025-11227 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure — GiveWP – Donation Plugin and Fundraising PlatformCWE-285 6.5 Medium2025-10-04
CVE-2025-7221 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update — GiveWP – Donation Plugin and Fundraising PlatformCWE-285 4.3 Medium2025-08-21
CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure — GiveWP – Donation Plugin and Fundraising PlatformCWE-200 5.3 Medium2025-08-06
CVE-2025-7205 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 5.4 Medium2025-07-31
CVE-2025-4571 GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 5.4 Medium2025-06-19
CVE-2025-2331 GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure — GiveWP – Donation Plugin and Fundraising PlatformCWE-200 5.3 Medium2025-03-22
CVE-2025-2025 Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 6.5 Medium2025-03-15
CVE-2025-0912 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection — GiveWP – Donation Plugin and Fundraising PlatformCWE-502 9.8 Critical2025-03-04
CVE-2024-12877 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection — GiveWP – Donation Plugin and Fundraising PlatformCWE-502 9.8 Critical2025-01-11
CVE-2024-9634 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution — GiveWP – Donation Plugin and Fundraising PlatformCWE-502 9.8 Critical2024-10-16
CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection — GiveWP – Donation Plugin and Fundraising PlatformCWE-502 9.8 Critical2024-09-28
CVE-2024-9130 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter — GiveWP – Donation Plugin and Fundraising PlatformCWE-89 7.2 High2024-09-27
CVE-2024-6551 GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure — GiveWP – Donation Plugin and Fundraising PlatformCWE-200 5.3 Medium2024-08-29
CVE-2024-5940 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 6.5 Medium2024-08-20
CVE-2024-5939 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Limited Information Exposure — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 5.3 Medium2024-08-20
CVE-2024-5932 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution — GiveWP – Donation Plugin and Fundraising PlatformCWE-502 10.0 Critical2024-08-20
CVE-2024-5941 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 5.4 Medium2024-08-20
CVE-2024-5977 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions — GiveWP – Donation Plugin and Fundraising PlatformCWE-639 5.4 Medium2024-07-19
CVE-2024-3714 GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 6.4 Medium2024-05-18
CVE-2024-1957 GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 -- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 6.4 Medium2024-04-13
CVE-2024-1424 GiveWP – Donation Plugin and Fundraising Platform <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 6.4 Medium2024-04-09
CVE-2023-4247 GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin deactivation — GiveWP – Donation Plugin and Fundraising PlatformCWE-352 5.4 Medium2024-01-11
CVE-2023-4246 GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin installation — GiveWP – Donation Plugin and Fundraising PlatformCWE-352 4.3 Medium2024-01-11
CVE-2023-4248 GiveWP <= 2.33.3 - Cross-Site Request Forgery to Stripe Integration Deletion — GiveWP – Donation Plugin and Fundraising PlatformCWE-352 5.4 Medium2024-01-11
CVE-2022-2117 GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure — GiveWP – Donation Plugin and Fundraising PlatformCWE-200 5.3 Medium2022-07-18

This page lists every published CVE security advisory associated with StellarWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.