Browse all 5 CVE security advisories affecting TangibleWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
TangibleWP develops WordPress plugins primarily for e-commerce and membership functionality, with five CVEs recorded to date. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been documented, the plugin's persistent presence in vulnerability reports suggests ongoing challenges in secure coding practices. Security researchers have noted recurring issues in how user-supplied data is handled, particularly in administrative functions, highlighting the need for rigorous input sanitization and permission enforcement.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67957 | WordPress Listivo Core plugin <= 2.3.77 - Local File Inclusion vulnerability — Listivo CoreCWE-98 | 8.1 | High | 2026-01-22 |
| CVE-2025-67955 | WordPress MyHome Core plugin <= 4.1.0 - Local File Inclusion vulnerability — MyHome CoreCWE-98 | 7.5 | High | 2026-01-22 |
| CVE-2025-60117 | WordPress Vehica Core Plugin <= 1.0.100 - Cross Site Request Forgery (CSRF) Vulnerability — Vehica CoreCWE-352 | 4.3 | Medium | 2025-09-26 |
| CVE-2025-3105 | Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation — Vehica CoreCWE-269 | 8.8 | High | 2025-04-04 |
| CVE-2024-13867 | Listivo - Classified Ads WordPress Theme <= 2.3.67 - Reflected Cross-Site Scripting — Listivo - Classified Ads WordPress ThemeCWE-79 | 6.1 | Medium | 2025-02-13 |
This page lists every published CVE security advisory associated with TangibleWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.