
WP Chill — Vulnerabilities & Security Advisories (28)

Browse all 28 CVE security advisories affecting WP Chill. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WP Chill is a WordPress plugin designed to optimize site performance by caching static content and reducing server load. Despite its utility, the software has accumulated twenty-eight Common Vulnerabilities and Exposures (CVEs), indicating a persistent pattern of security oversights. Historically, these flaws predominantly involve Remote Code Execution (RCE) and Cross-Site Scripting (XSS), allowing attackers to inject malicious scripts or execute arbitrary commands on vulnerable servers. Additionally, several instances of privilege escalation have been documented, enabling low-privileged users to gain administrative access. These vulnerabilities often stem from inadequate input validation and insufficient sanitization of user-supplied data within the plugin’s core functions. While no single catastrophic incident has defined its history, the high volume of disclosed CVEs suggests systemic issues in the development lifecycle. Users are advised to prioritize regular updates and rigorous security audits to mitigate the risk of exploitation in production environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39561 | WordPress Revive.so plugin <= 2.0.7 - Broken Access Control vulnerability | Revive.so | CWE-862 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39536 | WordPress RSVP and Event Management plugin <= 2.7.16 - Sensitive Data Exposure vulnerability | RSVP and Event Management | CWE-497 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39510 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Insecure Direct Object References (IDOR) vulnerability | Image Photo Gallery Final Tiles Grid | CWE-639 | 2.7 | Low | 2026-04-08 |
| CVE-2026-39486 | WordPress Download Monitor plugin <= 5.1.8 - SQL Injection vulnerability | Download Monitor | CWE-89 | 8.5 | High | 2026-04-08 |
| CVE-2026-28133 | WordPress Filr plugin <= 1.2.14 - Arbitrary File Upload vulnerability | Filr | CWE-434 | 8.5 | High | 2026-03-05 |
| CVE-2026-25375 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerability | Image Photo Gallery Final Tiles Grid | CWE-862 | 4.3 | Medium | 2026-02-19 |
| CVE-2026-25036 | WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability | Passster | CWE-862 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24957 | WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability | Strong Testimonials | CWE-862 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24939 | WordPress Modula Image Gallery plugin <= 2.13.6 - Broken Access Control vulnerability | Modula Image Gallery | CWE-862 | 4.3 | Medium | 2026-02-03 |
| CVE-2026-24389 | WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability | Gallery PhotoBlocks | CWE-79 | 6.5 | Medium | 2026-01-22 |
| CVE-2026-23976 | WordPress Modula Image Gallery plugin <= 2.13.4 - Cross Site Scripting (XSS) vulnerability | Modula Image Gallery | CWE-79 | 5.9 | Medium | 2026-01-22 |
| CVE-2025-64230 | WordPress Filr plugin <= 1.2.10 - Arbitrary File Deletion vulnerability | Filr | CWE-22 | 7.7 | High | 2025-12-18 |
| CVE-2025-64218 | WordPress Passster plugin <= 4.2.19 - Sensitive Data Exposure vulnerability | Passster | CWE-201 | 7.5 | High | 2025-12-18 |
| CVE-2025-59551 | WordPress Revive.so Plugin <= 2.0.6 - Broken Access Control Vulnerability | Revive.so | CWE-862 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-57926 | WordPress Passster Plugin <= 4.2.18 - Cross Site Scripting (XSS) Vulnerability | Passster | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58610 | WordPress Gallery PhotoBlocks Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability | Gallery PhotoBlocks | CWE-79 | 6.5 | Medium | 2025-09-03 |
| CVE-2025-47439 | WordPress Download Monitor plugin <= 5.0.22 - Local File Inclusion Vulnerability | Download Monitor | CWE-98 | 7.5 | High | 2025-05-07 |
| CVE-2025-32233 | WordPress Revive.so plugin <= 2.0.3 - Broken Access Control vulnerability | Revive.so | CWE-862 | 4.3 | Medium | 2025-04-04 |
| CVE-2025-26975 | WordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerability | Strong Testimonials | CWE-862 | 5.3 | Medium | 2025-02-25 |
| CVE-2025-24683 | WordPress RSVP and Event Management Plugin <= 2.7.14 - SQL Injection vulnerability | RSVP and Event Management | CWE-89 | 7.6 | High | 2025-01-24 |
| CVE-2025-22773 | WordPress Htaccess File Editor <= 1.0.19 - Broken Authentication vulnerability | Htaccess File Editor | CWE-538 | 5.3 | Medium | 2025-01-15 |
| CVE-2023-46083 | WordPress Kali Forms plugin <= 2.3.27 - Broken Access Control vulnerability | Kali Forms | CWE-862 | 5.3 | Medium | 2025-01-02 |
| CVE-2023-45275 | WordPress Contact Form builder with drag & drop plugin <= 2.3.28 - Broken Access Control vulnerability | Kali Forms | CWE-862 | 6.5 | Medium | 2025-01-02 |
| CVE-2024-49256 | WordPress Htaccess File Editor plugin <= 1.0.18 - Broken Access Control vulnerability | Htaccess File Editor | CWE-863 | 6.5 | Medium | 2024-11-01 |
| CVE-2024-47362 | WordPress Strong Testimonials plugin <= 3.1.16 - Broken Access Control vulnerability | Strong Testimonials | CWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-43329 | WordPress Allegiant theme <= 1.2.7 - Cross Site Scripting (XSS) vulnerability | Allegiant | CWE-79 | 6.5 | Medium | 2024-08-18 |
| CVE-2024-43216 | WordPress Filr plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability | Filr | CWE-79 | 6.5 | Medium | 2024-08-12 |
| CVE-2023-28171 | WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) | Brilliance | CWE-79 | 5.4 | Medium | 2023-06-22 |

This page lists every published CVE security advisory associated with WP Chill. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.