Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP Engine — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting WP Engine. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WP Engine provides managed WordPress hosting services, enabling businesses to deploy and scale websites on its optimized platform. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from misconfigurations or plugin interactions. While no major public security incidents have been widely reported, the six recorded CVEs highlight potential risks in its complex infrastructure. The company emphasizes security through automated updates, firewalls, and malware scanning, though the attack surface remains significant due to third-party integrations and frequent code updates. Security researchers continue to identify flaws in its hosting environment, underscoring the challenges of securing a large-scale WordPress management platform.

Top products by WP Engine: Advanced Custom Fields Advanced Custom Fields Pro PHP Compatibility Checker Advanced Custom Fields (ACF) Gutenberg Blocks – ACF Blocks Suite
CVE IDTitleCVSSSeverityPublished
CVE-2025-50041 WordPress Gutenberg Blocks – ACF Blocks Suite plugin <= 2.6.11 - Cross Site Scripting (XSS) Vulnerability — Gutenberg Blocks – ACF Blocks SuiteCWE-79 6.5 Medium2025-06-20
CVE-2024-45429 WordPress plugin Advanced Custom Fields和WordPress plugin Advanced Custom Fields Pro 安全漏洞 — Advanced Custom Fields 5.4AIMediumAI2024-09-04
CVE-2022-40696 WordPress Advanced Custom Fields Plugin 3.1.1-6.0.2 is vulnerable to Sensitive Data Exposure — Advanced Custom Fields (ACF)CWE-200 3.7 Low2024-01-08
CVE-2023-40068 WordPress plugin Advanced Custom Fields 跨站脚本漏洞 — Advanced Custom Fields 5.4 -2023-08-21
CVE-2023-24421 WordPress PHP Compatibility Checker Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) — PHP Compatibility CheckerCWE-352 5.4 Medium2023-07-11
CVE-2023-30777 WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS) — Advanced Custom Fields ProCWE-79 7.1 High2023-05-10

This page lists every published CVE security advisory associated with WP Engine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.