WP Swings — Vulnerabilities & Security Advisories (21)

Browse all 21 CVE security advisories affecting WP Swings. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WP Swings is a WordPress plugin designed to facilitate the creation of interactive polls, quizzes, and surveys, primarily targeting educational and marketing use cases. Despite its utility, the software has been associated with twenty-one recorded Common Vulnerabilities and Exposures (CVEs), indicating significant historical security deficiencies. These vulnerabilities predominantly involve critical classes such as Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and improper capability checks in older versions. While no single catastrophic data breach has been widely publicized as a direct result of these specific flaws, the high volume of CVEs suggests a pattern of neglect in patching known security holes. Users are strongly advised to audit their installations, as the plugin’s architecture has repeatedly allowed unauthenticated attackers to compromise site integrity, highlighting the risks inherent in maintaining outdated third-party WordPress extensions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24372 | WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability | Subscriptions for WooCommerce | CWE-290 | 7.5 | High | 2026-03-25 |
| CVE-2026-24375 | WordPress Ultimate Gift Cards For WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability | Ultimate Gift Cards For WooCommerce | CWE-862 | 5.3 | Medium | 2026-02-19 |
| CVE-2026-24581 | WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability | Points and Rewards for WooCommerce | CWE-862 | 5.4 | Medium | 2026-01-23 |
| CVE-2025-68029 | WordPress Wallet System for WooCommerce plugin <= 2.7.3 - Sensitive Data Exposure vulnerability | Wallet System for WooCommerce | CWE-201 | 7.5 | - | 2026-01-05 |
| CVE-2025-67909 | WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability | Membership For WooCommerce | CWE-639 | 7.5 | High | 2025-12-24 |
| CVE-2025-59565 | WordPress Upsell Order Bump Offer for WooCommerce Plugin <= 3.0.7 - Cross Site Scripting (XSS) Vulnerability | Upsell Order Bump Offer for WooCommerce | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58978 | WordPress PDF Generator for WordPress Plugin <= 1.5.4 - Broken Access Control Vulnerability | PDF Generator for WordPress | CWE-862 | 5.3 | Medium | 2025-09-09 |
| CVE-2025-54692 | WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability | Membership For WooCommerce | CWE-862 | 7.5 | High | 2025-08-14 |
| CVE-2025-6222 | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet | CWE-434 | 9.8 | Critical | 2025-07-18 |
| CVE-2025-54041 | WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnerability | Wallet System for WooCommerce | CWE-352 | 4.3 | Medium | 2025-07-16 |
| CVE-2025-49265 | WordPress Membership For WooCommerce plugin <= 2.8.1 - Broken Access Control Vulnerability | Membership For WooCommerce | CWE-862 | 7.5 | High | 2025-06-09 |
| CVE-2025-32530 | WordPress Wallet System for WooCommerce plugin <= 2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability | Wallet System for WooCommerce | CWE-79 | 7.1 | High | 2025-04-17 |
| CVE-2025-39579 | WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability | Membership For WooCommerce | CWE-79 | 6.5 | Medium | 2025-04-16 |
| CVE-2024-8425 | WooCommerce Ultimate Gift Card <= 2.9.2 - Unauthenticated Arbitrary File Upload | WooCommerce Ultimate Gift Card | CWE-434 | 9.8 | Critical | 2025-02-28 |
| CVE-2024-11423 | Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch | Gift Cards for WooCommerce Pro | CWE-862 | 7.5 | High | 2025-01-08 |
| CVE-2024-38699 | WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability | Wallet System for WooCommerce | CWE-862 | 7.5 | High | 2024-08-13 |
| CVE-2024-32446 | WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability | Wallet System for WooCommerce | CWE-352 | 5.4 | Medium | 2024-04-15 |
| CVE-2023-27608 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability | Points and Rewards for WooCommerce | CWE-862 | 6.5 | Medium | 2024-03-25 |
| CVE-2023-27607 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Settings Change vulnerability | Points and Rewards for WooCommerce | CWE-862 | 5.4 | Medium | 2024-03-21 |
| CVE-2024-25100 | WordPress Coupon Referral Program plugin < 1.8.4 - Unauthenticated PHP Object Injection vulnerability | Coupon Referral Program | CWE-502 | 10.0 | Critical | 2024-02-12 |
| CVE-2023-52190 | WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to Sensitive Data Exposure | Coupon Referral Program | CWE-200 | 7.5 | High | 2024-01-08 |

This page lists every published CVE security advisory associated with WP Swings. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.