Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ValvePress — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting ValvePress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ValvePress is a WordPress plugin designed to create and manage press releases and news content. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has accumulated 14 CVEs, with several critical flaws allowing attackers to execute arbitrary code or compromise administrative access. Notable characteristics include insufficient input validation and improper access controls in its core functionality. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities in its codebase suggests ongoing security challenges that require careful maintenance and prompt updates by users.

Top products by ValvePress: WordPress Automatic Plugin Rankie Automatic Pinterest Automatic Pin Wordpress Auto Spinner Pinterest Automatic
CVE IDTitleCVSSSeverityPublished
CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — WordPress Automatic PluginCWE-80 4.7 Medium2025-08-26
CVE-2025-39510 WordPress Pinterest Automatic Pin plugin < 4.19.0 - SQL Injection vulnerability — Pinterest Automatic PinCWE-89 8.5 High2025-08-14
CVE-2025-46500 WordPress Wordpress Auto Spinner plugin <= 3.26.0 - Reflected Cross Site Scripting (XSS) vulnerability — Wordpress Auto SpinnerCWE-79 7.1 High2025-07-16
CVE-2025-39487 WordPress Rankie plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability — RankieCWE-79 7.1 High2025-07-04
CVE-2025-39486 WordPress Rankie plugin < 1.8.2 - SQL Injection vulnerability — RankieCWE-89 8.5 High2025-06-17
CVE-2025-5395 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload — WordPress Automatic PluginCWE-434 8.8 High2025-06-11
CVE-2025-39493 WordPress Rankie plugin < 1.8.2 - Broken Access Control Vulnerability — RankieCWE-862 4.3 Medium2025-05-16
CVE-2025-39511 WordPress Pinterest Automatic Pin plugin <= 4.19.0 - Broken Access Control Vulnerability — Pinterest Automatic PinCWE-862 4.3 Medium2025-05-16
CVE-2025-47534 WordPress Wordpress Auto Spinner plugin <= 3.25.0 - Broken Access Control Vulnerability — Wordpress Auto SpinnerCWE-862 4.3 Medium2025-05-16
CVE-2024-4849 WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter — WordPress Automatic PluginCWE-79 6.4 Medium2024-05-18
CVE-2024-32693 WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability — AutomaticCWE-352 7.6 High2024-04-22
CVE-2024-27956 WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability — AutomaticCWE-89 9.9 Critical2024-03-21
CVE-2021-4380 Pinterest Automatic <= 4.14.3 - Unuathenticated Arbitrary Options Update — Pinterest AutomaticCWE-284 9.8 Critical2023-06-07
CVE-2021-4374 WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update — WordPress Automatic PluginCWE-862 9.1 Critical2023-06-07

This page lists every published CVE security advisory associated with ValvePress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.