Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP OnlineSupport, Essential Plugin — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting WP OnlineSupport, Essential Plugin. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WP OnlineSupport, Essential Plugin provides customer support functionality for WordPress websites, enabling live chat and ticket management systems. Historically, the plugin has been vulnerable to multiple security issues, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, accounting for its 12 recorded CVEs. These weaknesses often stem from insufficient input validation and improper access controls. In 2023, a critical RCE vulnerability (CVE-2023-22878) allowed unauthenticated attackers to execute arbitrary code, leading to widespread exploitation. The plugin's frequent updates and high vulnerability count make it a persistent security concern for WordPress administrators, requiring immediate patching and careful configuration to mitigate risks.

Top products by WP OnlineSupport, Essential Plugin: Popup Anything – A Marketing Popup and Lead Generation Conversions Hero Banner Ultimate Audio Player with Playlist Ultimate Popup Anything Preloader for Website Timeline and History slider Featured Post Creative Portfolio and Projects Accordion and Accordion Slider Meta slider and carousel with lightbox Album and Image Gallery plus Lightbox Trending/Popular Post Slider and Widget
CVE IDTitleCVSSSeverityPublished
CVE-2023-39996 WordPress Accordion and Accordion Slider plugin <= 1.2.4 - Broken Access Control — Accordion and Accordion SliderCWE-862 5.3 Medium2024-12-13
CVE-2023-39995 WordPress Portfolio and Projects plugin <= 1.3.7 - Broken Access Control vulnerability — Portfolio and ProjectsCWE-862 4.3 Medium2024-12-13
CVE-2022-46846 WordPress Trending/Popular Post Slider and Widget plugin <= 1.5.7 - Broken Access Control vulnerability — Trending/Popular Post Slider and WidgetCWE-862 5.3 Medium2024-12-13
CVE-2023-25060 WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability — Album and Image Gallery plus LightboxCWE-862 5.3 Medium2024-12-09
CVE-2023-25703 WordPress Meta slider and carousel with lightbox plugin <= 1.6.2 - Broken Access Control vulnerability — Meta slider and carousel with lightboxCWE-862 5.3 Medium2024-12-09
CVE-2023-30488 WordPress Featured Post Creative plugin <= 1.2.7 - Broken Access Control vulnerability — Featured Post CreativeCWE-862 5.3 Medium2024-12-09
CVE-2024-43232 WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability — Timeline and History sliderCWE-22 8.5 High2024-08-19
CVE-2023-48273 WordPress Preloader for Website plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability — Preloader for WebsiteCWE-862 5.3 Medium2024-06-11
CVE-2024-32601 WordPress Popup Anything plugin <= 2.8 - Broken Access Control vulnerability — Popup AnythingCWE-862 5.3 Medium2024-04-18
CVE-2023-38516 WordPress Audio Player with Playlist Ultimate Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) — Audio Player with Playlist UltimateCWE-79 6.5 Medium2023-09-03
CVE-2022-45818 WordPress Hero Banner Ultimate Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS) — Hero Banner UltimateCWE-79 6.5 Medium2023-05-04
CVE-2022-38077 WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) — Popup Anything – A Marketing Popup and Lead Generation ConversionsCWE-352 4.3 Medium2023-03-29

This page lists every published CVE security advisory associated with WP OnlineSupport, Essential Plugin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.