Browse all 3 CVE security advisories affecting WP Spell Check. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WP Spell Check is a WordPress plugin designed to assist users in identifying spelling and grammatical errors within their content. Historically, the plugin has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS) and remote code execution (RCE) flaws, which have resulted in three assigned CVEs. These vulnerabilities often stem from insufficient input sanitization and improper access controls, potentially allowing attackers to execute malicious code or compromise website integrity. While no major public incidents have been widely documented, the consistent presence of vulnerabilities in its version history indicates a need for careful implementation and regular updates to mitigate potential security risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-25111 | WordPress WP Spell Check plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability — WP Spell CheckCWE-352 | 5.4 | Medium | 2025-02-07 |
| CVE-2024-22143 | WordPress WP Spell Check Plugin <= 9.17 is vulnerable to Cross Site Request Forgery (CSRF) — WP Spell CheckCWE-352 | 5.4 | Medium | 2024-01-31 |
| CVE-2019-6027 | WordPress WP Spell Check 跨站请求伪造漏洞 — WP Spell Check | 8.8 | - | 2019-12-26 |
This page lists every published CVE security advisory associated with WP Spell Check. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.