
WP-buy — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting WP-buy. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wp-buy is a WordPress plugin designed to facilitate e-commerce transactions, allowing site administrators to sell digital and physical goods directly through their websites. Despite its utility, the software has accumulated twenty-three recorded Common Vulnerabilities and Exposures (CVEs), indicating a persistent pattern of security deficiencies. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. These issues have enabled attackers to compromise site integrity, steal user data, or gain unauthorized administrative access. The high volume of CVEs suggests that the development lifecycle may lack rigorous security testing or timely patching mechanisms. Consequently, organizations relying on this tool face significant risks, necessitating immediate updates and strict monitoring to mitigate potential exploitation of these known weaknesses in a production environment.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2936 | Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting | Visitor Traffic Real Time Statistics | CWE-79 | 7.2 | High | 2026-04-04 |
| CVE-2025-49284 | WordPress WP Maintenance Mode & Site Under Construction plugin <= 4.3 - Cross Site Request Forgery (CSRF) Vulnerability | WP Maintenance Mode & Site Under Construction | CWE-352 | 4.3 | Medium | 2025-06-06 |
| CVE-2025-32266 | WordPress 404 Image Redirection (Replace Broken Images) plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability | 404 Image Redirection (Replace Broken Images) | CWE-352 | 4.3 | Medium | 2025-04-04 |
| CVE-2025-31570 | WordPress Related Posts Widget with Thumbnails plugin <= 1.2 - CSRF to Stored XSS vulnerability | Related Posts Widget with Thumbnails | CWE-352 | 7.1 | High | 2025-03-31 |
| CVE-2025-31569 | WordPress wordpress related Posts with thumbnails plugin <= 3.0.0.1 - CSRF to Stored XSS vulnerability | wordpress related Posts with thumbnails | CWE-352 | 7.1 | High | 2025-03-31 |
| CVE-2023-47557 | WordPress Visitor Traffic Real Time Statistics plugin <= 7.2 - Broken Access Control vulnerability | Visitors Traffic Real Time Statistics | CWE-862 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-54234 | WordPress Limit Login Attempts plugin <= 5.5 - SQL Injection vulnerability | Limit Login Attempts | CWE-89 | 9.3 | Critical | 2024-12-13 |
| CVE-2024-52421 | WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability | WP Popup Window Maker | CWE-352 | 7.1 | High | 2024-11-19 |
| CVE-2024-49306 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability | WP Content Copy Protection & No Right Click | CWE-352 | 4.3 | Medium | 2024-10-20 |
| CVE-2022-4534 | Limit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism Bypass | Limit Login Attempts (Spam Protection) | CWE-348 | 5.3 | Medium | 2024-10-08 |
| CVE-2023-51484 | WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability | Login as User or Customer (User Switching) | CWE-287 | 9.8 | Critical | 2024-04-25 |
| CVE-2023-36678 | WordPress WP Content Copy Protection & No Right Click Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS) | WP Content Copy Protection & No Right Click | CWE-79 | 5.9 | Medium | 2023-08-05 |
| CVE-2022-40695 | WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities | SEO Redirection Plugin – 301 Redirect Manager (WordPress plugin) | CWE-352 | 5.4 | Medium | 2022-11-18 |
| CVE-2022-38704 | WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability | SEO Redirection Plugin – 301 Redirect Manager (WordPress plugin) | CWE-352 | 5.4 | Medium | 2022-09-23 |
| CVE-2022-23983 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.4.4 - Cross-Site Request Forgery (CSRF) leads to Settings Update vulnerability | WP Content Copy Protection & No Right Click (WordPress plugin) | CWE-352 | 4.3 | Medium | 2022-02-21 |
| CVE-2021-24195 | Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User | Login as User or Customer (User Switching) | CWE-285 | 8.8 | - | 2021-05-14 |
| CVE-2021-24194 | Login Protection - Limit Failed Login Attempts < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User | Login Protection – Limit Failed Login Attempts | CWE-285 | 8.8 | - | 2021-05-14 |
| CVE-2021-24193 | Visitor Traffic Real Time Statistics < 2.12 - Arbitrary Plugin Installation/Activation via Low Privilege User | Visitor Traffic Real Time Statistics | CWE-285 | 8.8 | - | 2021-05-14 |
| CVE-2021-24192 | Tree Sitemap < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User | Tree Sitemap (Pages, Posts & Categories list) | CWE-285 | 8.8 | - | 2021-05-14 |
| CVE-2021-24191 | WP Maintenance Mode & Site Under Construction < 1.8.2 - Arbitrary Plugin Installation/Activation via Low Privilege User | WP Maintenance Mode & Site Under Construction | CWE-285 | 8.8 | - | 2021-05-14 |
| CVE-2021-24190 | WooCommerce Conditional Marketing Mailer < 1.5.2 - Arbitrary Plugin Installation/Activation via Low Privilege User | WooCommerce Conditional Marketing Mailer | CWE-285 | 8.8 | - | 2021-05-14 |
| CVE-2021-24189 | Captchinoo, Google recaptcha for admin login page < 2.4 - Arbitrary Plugin Installation/Activation via Low Privilege User | Captchinoo, Google recaptcha for admin login page | CWE-285 | 8.8 | - | 2021-05-14 |
| CVE-2021-24188 | WP Content Copy Protection & No Right Click < 3.1.5 - Arbitrary Plugin Installation/Activation via Low Privilege User | WP Content Copy Protection & No Right Click | CWE-285 | 8.8 | - | 2021-05-14 |

This page lists every published CVE security advisory associated with WP-buy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.