Browse all 3 CVE security advisories affecting WBW Plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WBW Plugins develops WordPress extensions for enhancing website functionality, with three publicly disclosed CVEs. Historically, vulnerabilities have included stored cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input validation and improper sanitization. Security assessments reveal inconsistent access controls and inadequate security headers in some implementations. While no major public incidents have been documented, the CVE history indicates a pattern of security oversights in user interaction handling and file operations. The plugin suite maintains moderate adoption but requires careful configuration to mitigate risks associated with its historical vulnerability profile.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32410 | WordPress WBW Currency Switcher for WooCommerce plugin <= 2.2.5 - Broken Access Control vulnerability — WBW Currency Switcher for WooCommerceCWE-862 | 5.3 | Medium | 2026-03-13 |
| CVE-2025-31086 | WordPress Product Table by WBW plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Product Table by WBWCWE-79 | 7.1 | High | 2025-04-01 |
| CVE-2024-49691 | WordPress Product Filter by WBW plugin <= 2.7.0 - SQL Injection vulnerability — Product Filter by WBWCWE-89 | 7.6 | High | 2024-10-24 |
This page lists every published CVE security advisory associated with WBW Plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.