Browse all 4 CVE security advisories affecting Upqode. AI-powered Chinese analysis, POCs, and references for each vulnerability.
UPQODE is a digital solutions provider specializing in web development and IT consulting services. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by their four recorded CVEs. While no major security incidents have been publicly documented, the consistent presence of critical vulnerabilities in their offerings suggests potential weaknesses in secure coding practices. Their client-facing applications often require robust input validation and access controls to mitigate identified risks. Security researchers should focus on their web components and authentication mechanisms when assessing their infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-38743 | WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerability — Plum: Spin Wheel & Email Pop-upCWE-862 | 5.3 | Medium | 2024-11-01 |
| CVE-2024-38744 | WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control to Unauth Stored XSS vulnerability — Plum: Spin Wheel & Email Pop-upCWE-862 | 8.3 | High | 2024-11-01 |
| CVE-2024-30544 | WordPress Whizzy plugin <= 1.1.18 - Broken Access Control vulnerability — WhizzyCWE-862 | 5.3 | Medium | 2024-06-09 |
| CVE-2024-30543 | WordPress Whizzy plugin <= 1.1.18 - Insecure Direct Object References (IDOR) vulnerability — WhizzyCWE-639 | 6.5 | Medium | 2024-03-31 |
This page lists every published CVE security advisory associated with Upqode. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.