Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP Wham — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting WP Wham. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WP Wham is a WordPress plugin designed to enhance website security through firewall protection and malware scanning. Historically, it has been associated with multiple critical vulnerabilities, including remote code execution, cross-site scripting, and privilege escalation flaws. The plugin's security mechanisms have themselves been compromised in several incidents, leading to its inclusion in six CVE records. These vulnerabilities often stem from insufficient input validation and improper access controls, allowing attackers to bypass security features entirely. Notably, some exploits enabled complete website takeover, highlighting significant risks for administrators relying on this security tool.

Top products by WP Wham: Checkout Files Upload for WooCommerce (WordPress plugin) Product Visibility by Country for WooCommerce SKU Generator for WooCommerce Checkout Files Upload for WooCommerce Crowdfunding for WooCommerce All Currencies for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2025-30950 WordPress All Currencies for WooCommerce plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability — All Currencies for WooCommerceCWE-79 6.5 Medium2025-06-06
CVE-2025-32628 WordPress Crowdfunding for WooCommerce Plugin <= 3.1.12 - Reflected Cross Site Scripting (XSS) vulnerability — Crowdfunding for WooCommerceCWE-79 7.1 High2025-04-17
CVE-2025-39520 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability — Checkout Files Upload for WooCommerceCWE-79 6.5 Medium2025-04-16
CVE-2025-30917 WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) Vulnerability — SKU Generator for WooCommerceCWE-79 7.1 High2025-04-01
CVE-2023-47660 WordPress Product Visibility by Country for WooCommerce Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS) — Product Visibility by Country for WooCommerceCWE-79 5.9 Medium2023-11-14
CVE-2022-29425 WordPress Checkout Files Upload for WooCommerce plugin <= 2.1.2 - Cross-Site Scripting (XSS) vulnerability — Checkout Files Upload for WooCommerce (WordPress plugin)CWE-79 6.1 Medium2022-05-20

This page lists every published CVE security advisory associated with WP Wham. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.