WPChill — Vulnerabilities & Security Advisories 57

Browse all 57 CVE security advisories affecting WPChill. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPChill operates as a developer of premium WordPress plugins, primarily focusing on e-commerce solutions, membership management, and digital product delivery. Security audits reveal a concerning history, with 57 recorded Common Vulnerabilities and Exposures (CVEs) associated with its software portfolio. These vulnerabilities predominantly stem from insufficient input validation and inadequate access controls, leading to frequent instances of Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation. Many flaws allow unauthenticated attackers to execute arbitrary code or manipulate administrative functions, highlighting systemic weaknesses in code review processes. While the company provides technical support, the high volume of disclosed CVEs suggests a reactive rather than proactive security posture. Users of WPChill products face significant risk, necessitating rigorous patch management and continuous monitoring to mitigate potential exploitation of these historically common attack vectors.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-6491 | Strong Testimonials <= 3.1.12 - Authenticated(Contributor+) Improper Authorization to Views Modification | Strong Testimonials | CWE-284 | 4.3 | Medium | 2024-06-07 |
| CVE-2024-3269 | Download Monitor <= 4.9.13 - Missing Authorization | Download Monitor | CWE-285 | 5.4 | Medium | 2024-05-30 |
| CVE-2024-32429 | WordPress Remove Footer Credit plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability | Remove Footer Credit | CWE-79 | 5.9 | Medium | 2024-04-15 |
| CVE-2024-2026 | Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode | Passster – Password Protect Pages and Content | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-30501 | WordPress Download Monitor theme <= 4.9.4 - Auth. SQL Injection vulnerability | Download Monitor | CWE-89 | 7.6 | High | 2024-03-29 |
| CVE-2024-1083 | Simple Restrict <= 1.2.6 - Missing Authorization to Sensitive Information Exposure | Simple Restrict | CWE-200 | 5.3 | Medium | 2024-03-13 |
| CVE-2024-1218 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization | Kali Forms — Contact Form & Drag-and-Drop Builder | CWE-862 | 4.3 | Medium | 2024-02-20 |
| CVE-2024-1217 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation | Kali Forms — Contact Form & Drag-and-Drop Builder | CWE-862 | 7.6 | High | 2024-02-20 |
| CVE-2024-0616 | Passster – Password Protect Pages and Content <= 4.2.6.2 - Missing Authorization to Sensitive Information Exposure | Passster – Password Protect Pages and Content | CWE-200 | 5.3 | Medium | 2024-02-20 |
| CVE-2022-45354 | WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure | Download Monitor | CWE-200 | 5.3 | Medium | 2024-01-08 |
| CVE-2023-52123 | WordPress Strong Testimonials Plugin <= 3.1.10 is vulnerable to Cross Site Request Forgery (CSRF) | Strong Testimonials | CWE-352 | 4.3 | Medium | 2024-01-05 |
| CVE-2023-34007 | WordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File Upload | Download Monitor | CWE-434 | 9.9 | Critical | 2023-12-20 |
| CVE-2023-5704 | CPO Shortcodes <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CPO Shortcodes | CWE-79 | 6.4 | Medium | 2023-11-22 |
| CVE-2023-31219 | WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF) | Download Monitor | CWE-918 | 4.1 | Medium | 2023-11-13 |
| CVE-2023-26013 | WordPress Strong Testimonials Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS) | Strong Testimonials | CWE-79 | 6.5 | Medium | 2023-06-16 |
| CVE-2020-36721 | Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation | Brilliance | CWE-284 | 6.5 | Medium | 2023-06-07 |
| CVE-2020-36717 | Kali Forms <= 2.1.1 - Cross-Site Request Forgery | Kali Forms — Contact Form & Drag-and-Drop Builder | CWE-352 | 8.8 | High | 2023-06-07 |
| CVE-2020-36720 | Kali Forms <= 2.1.1 - Missing Authorization to Settings Update | Kali Forms — Contact Form & Drag-and-Drop Builder | CWE-862 | 7.1 | High | 2023-06-07 |
| CVE-2020-36712 | Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion | Kali Forms — Contact Form & Drag-and-Drop Builder | CWE-862 | 8.6 | High | 2023-06-07 |
| CVE-2023-25451 | WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) | CPO Content Types | CWE-79 | 5.9 | Medium | 2023-04-23 |
| CVE-2023-0162 | CPO Companion <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | CPO Companion | CWE-79 | 5.5 | Medium | 2023-01-10 |
| CVE-2022-41135 | WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability | Modula Image Gallery (WordPress plugin) | CWE-284 | 6.5 | Medium | 2022-11-18 |
| CVE-2022-40672 | WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | CPO Shortcodes (WordPress plugin) | CWE-79 | 4.8 | Medium | 2022-09-23 |
| CVE-2022-37407 | WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | Gallery PhotoBlocks (WordPress plugin) | CWE-79 | 4.1 | Medium | 2022-09-09 |
| CVE-2022-36292 | WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities | Gallery PhotoBlocks (WordPress plugin) | CWE-352 | 5.4 | Medium | 2022-08-23 |
| CVE-2021-23174 | WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | Download Monitor | CWE-79 | 3.4 | Low | 2022-01-28 |
| CVE-2021-36920 | WordPress plugin Download Monitor <= 4.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | Download Monitor (WordPress plugin) | CWE-79 | 4.8 | Medium | 2022-01-14 |

This page lists every published CVE security advisory associated with WPChill. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.