
WPChill — Vulnerabilities & Security Advisories (57)

Browse all 57 CVE security advisories affecting WPChill. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPChill operates as a developer of premium WordPress plugins, primarily focusing on e-commerce solutions, membership management, and digital product delivery. Security audits reveal a concerning history, with 57 recorded Common Vulnerabilities and Exposures (CVEs) associated with its software portfolio. These vulnerabilities predominantly stem from insufficient input validation and inadequate access controls, leading to frequent instances of Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation. Many flaws allow unauthenticated attackers to execute arbitrary code or manipulate administrative functions, highlighting systemic weaknesses in code review processes. While the company provides technical support, the high volume of disclosed CVEs suggests a reactive rather than proactive security posture. Users of WPChill products face significant risk, necessitating rigorous patch management and continuous monitoring to mitigate potential exploitation of these historically common attack vectors.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3239 | Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode | Strong Testimonials | CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4401 | Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling | Download Monitor | CWE-352 | 5.4 | Medium | 2026-04-07 |
| CVE-2026-3124 | Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' | Download Monitor | CWE-639 | 7.5 | High | 2026-03-30 |
| CVE-2026-3584 | Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process | Kali Forms — Contact Form & Drag-and-Drop Builder | CWE-94 | 9.8 | Critical | 2026-03-20 |
| CVE-2026-1860 | Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure | Kali Forms — Contact Form & Drag-and-Drop Builder | CWE-862 | 4.3 | Medium | 2026-02-18 |
| CVE-2026-1254 | Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing | Modula Image Gallery – Photo Grid & Video Gallery | CWE-862 | 4.3 | Medium | 2026-02-14 |
| CVE-2025-14865 | Passster – Password Protect Pages and Content <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Passster – Password Protect Pages and Content | CWE-79 | 6.4 | Medium | 2026-01-28 |
| CVE-2025-15466 | Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management | Image Photo Gallery Final Tiles Grid | CWE-862 | 5.4 | Medium | 2026-01-19 |
| CVE-2025-14632 | Filr – Secure document library <= 1.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Upload | Filr – Secure document library | CWE-434 | 4.4 | Medium | 2026-01-17 |
| CVE-2025-14426 | Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update | Strong Testimonials | CWE-862 | 4.3 | Medium | 2025-12-30 |
| CVE-2025-13693 | Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting | Image Photo Gallery Final Tiles Grid | CWE-79 | 6.4 | Medium | 2025-12-21 |
| CVE-2025-14455 | Image Photo Gallery Final Tiles Grid <= 3.6.7 - Missing Authorization to Authenticated (Contributor+) Gallery Management | Image Photo Gallery Final Tiles Grid | CWE-862 | 5.4 | Medium | 2025-12-19 |
| CVE-2025-14003 | Image Gallery – Photo Grid & Video Gallery <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification | Modula Image Gallery – Photo Grid & Video Gallery | CWE-862 | 4.3 | Medium | 2025-12-15 |
| CVE-2025-13891 | Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing | Modula Image Gallery – Photo Grid & Video Gallery | CWE-22 | 6.5 | Medium | 2025-12-12 |
| CVE-2025-13646 | Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition | Image Gallery – Photo Grid & Video Gallery | CWE-434 | 7.5 | High | 2025-12-03 |
| CVE-2025-13645 | Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion | Image Gallery – Photo Grid & Video Gallery | CWE-22 | 7.2 | High | 2025-12-03 |
| CVE-2025-12494 | Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move | Modula Image Gallery – Photo Grid & Video Gallery | CWE-285 | 4.3 | Medium | 2025-11-15 |
| CVE-2025-11268 | Strong Testimonials <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution | Strong Testimonials | CWE-79 | 4.3 | Medium | 2025-11-06 |
| CVE-2025-10000 | Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload | Qyrr – simply and modern QR-Code creation | CWE-434 | 6.4 | Medium | 2025-09-30 |
| CVE-2025-7367 | Strong Testimonials <= 3.2.11 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Fields | Strong Testimonials | CWE-79 | 6.4 | Medium | 2025-07-15 |
| CVE-2024-9416 | Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library | Modula Image Gallery – Photo Grid & Video Gallery | CWE-79 | 6.4 | Medium | 2025-04-03 |
| CVE-2024-6261 | Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | Image Photo Gallery Final Tiles Grid | CWE-79 | 6.4 | Medium | 2025-02-27 |
| CVE-2024-12853 | Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload | Modula Image Gallery – Photo Grid & Video Gallery | CWE-434 | 8.8 | High | 2025-01-08 |
| CVE-2024-12711 | RSVP and Event Management <= 2.7.13 - Missing Authorization | RSVP and Event Management | CWE-862 | 5.3 | Medium | 2025-01-07 |
| CVE-2024-11282 | Passster – Password Protect Pages and Content <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | Passster – Password Protect Pages and Content | CWE-200 | 5.3 | Medium | 2025-01-07 |
| CVE-2024-11106 | Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | Simple Restrict | CWE-200 | 5.3 | Medium | 2024-12-10 |
| CVE-2024-10399 | Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure | Download Monitor | CWE-862 | 4.3 | Medium | 2024-10-30 |
| CVE-2024-10092 | Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation | Download Monitor | CWE-862 | 4.3 | Medium | 2024-10-26 |
| CVE-2022-4972 | Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export | Download Monitor | CWE-862 | 7.5 | High | 2024-10-16 |
| CVE-2024-8552 | Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable | Download Monitor | CWE-862 | 4.3 | Medium | 2024-09-26 |

This page lists every published CVE security advisory associated with WPChill. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.