Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPDeveloper — Vulnerabilities & Security Advisories 49

Browse all 49 CVE security advisories affecting WPDeveloper. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPDeveloper operates as a software vendor specializing in WordPress plugins and themes, primarily targeting web developers and site administrators seeking to extend functionality. Historical security audits reveal a pattern of critical vulnerabilities, including forty-nine recorded Common Vulnerabilities and Exposures (CVEs). These flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper sanitization of user-supplied data. The high volume of disclosed issues suggests systemic weaknesses in the development lifecycle, particularly regarding secure coding practices and rigorous testing protocols. While specific major incidents are not always publicly detailed, the consistent recurrence of severe bugs indicates a significant risk posture for users relying on these extensions. Consequently, organizations utilizing WPDeveloper products must implement strict monitoring and timely patching strategies to mitigate the inherent exposure to exploitation attempts.

Top products by WPDeveloper: Essential Addons for Elementor Essential Blocks for Gutenberg EmbedPress BetterDocs Templately Essential Addons for Elementor Pro Typing Text BetterLinks NotificationX ReviewX – Multi-criteria Rating & Reviews for WooCommerce Parallax Slider Block SchedulePress Simple 301 Redirects by BetterLinks Document Block – Upload & Embed Docs Secret Meta
CVE IDTitleCVSSSeverityPublished
CVE-2026-42644 WordPress BetterDocs plugin <= 4.3.10 - Sensitive Data Exposure vulnerability — BetterDocsCWE-497 5.3 Medium2026-04-29
CVE-2026-42379 WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability — TemplatelyCWE-201 7.7 High2026-04-27
CVE-2026-27042 WordPress NotificationX plugin <= 3.2.1 - Broken Access Control vulnerability — NotificationXCWE-862 5.3 Medium2026-02-19
CVE-2026-23543 WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability — Essential Addons for ElementorCWE-862 5.3 Medium2026-02-19
CVE-2025-69092 WordPress Essential Addons for Elementor plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability — Essential Addons for ElementorCWE-79 6.5 Medium2025-12-30
CVE-2025-64352 WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability — Essential Addons for ElementorCWE-862 2.7 Low2025-10-31
CVE-2025-49408 WordPress Templately Plugin <= 3.2.7 - Sensitive Data Exposure Vulnerability — TemplatelyCWE-201 10.0 Critical2025-08-20
CVE-2025-24752 WordPress Essential Addons for Elementor plugin <= 6.0.14 - Reflected Cross Site Scripting (XSS) vulnerability — Essential Addons for ElementorCWE-79 7.1 High2025-04-17
CVE-2025-39589 WordPress Essential Addons for Elementor plugin <= 6.1.9 - Sensitive Data Exposure Vulnerability — Essential Addons for ElementorCWE-497 4.3 Medium2025-04-16
CVE-2025-39590 WordPress Essential Addons for Elementor plugin <= 6.1.9 - Cross Site Scripting (XSS) Vulnerability — Essential Addons for ElementorCWE-79 6.5 Medium2025-04-16
CVE-2025-25086 WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability — Secret MetaCWE-352 7.1 High2025-03-27
CVE-2025-26871 WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability — Essential Blocks for GutenbergCWE-862 4.3 Medium2025-02-25
CVE-2025-22696 WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulnerability — Document Block – Upload & Embed DocsCWE-862 5.4 Medium2025-02-04
CVE-2025-22683 WordPress NotificationX plugin <= 2.9.5 - Cross Site Scripting (XSS) vulnerability — NotificationXCWE-79 6.5 Medium2025-02-03
CVE-2025-22315 WordPress Typing Text plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability — Typing TextCWE-79 6.5 Medium2025-01-07
CVE-2023-45104 WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability — BetterLinksCWE-862 7.3 High2025-01-02
CVE-2024-56063 WordPress Essential Addons for Elementor plugin <= 6.0.7 - Cross Site Scripting (XSS) vulnerability — Essential Addons for ElementorCWE-79 6.5 Medium2024-12-31
CVE-2022-47594 WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control — Essential Blocks for GutenbergCWE-862 6.5 Medium2024-12-13
CVE-2023-47760 WordPress Essential Blocks plugin <= 4.2.0 - Broken Access Control vulnerability — Essential Blocks for GutenbergCWE-862 4.3 Medium2024-12-09
CVE-2023-47761 WordPress Simple 301 Redirects by BetterLinks plugin <= 2.0.7 - Broken Access Control vulnerability — Simple 301 Redirects by BetterLinksCWE-862 4.3 Medium2024-12-09
CVE-2023-47762 WordPress BetterDocs plugin <= 2.5.2 - Broken Access Control vulnerability — BetterDocsCWE-862 4.3 Medium2024-12-09
CVE-2023-51360 WordPress Essential Blocks plugin <= 4.2.0 - Multiple Subscriber+ Broken Access Control vulnerability — Essential Blocks for GutenbergCWE-862 6.5 Medium2024-12-09
CVE-2023-51359 WordPress Essential Blocks plugin <= 4.2.0 - Multiple Contributor+ Broken Access Control vulnerability — Essential Blocks for GutenbergCWE-862 5.4 Medium2024-12-09
CVE-2024-51672 WordPress BetterLinks plugin <= 2.1.7 - SQL Injection vulnerability — BetterLinksCWE-89 7.6 High2024-11-04
CVE-2024-38707 WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability — EmbedPressCWE-862 6.3 Medium2024-11-01
CVE-2024-47308 WordPress Templately plugin <= 3.1.2 - Broken Access Control vulnerability — TemplatelyCWE-862 6.5 Medium2024-11-01
CVE-2024-50423 WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability — TemplatelyCWE-862 5.4 Medium2024-10-29
CVE-2024-50424 WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability — TemplatelyCWE-862 6.5 Medium2024-10-29
CVE-2024-50461 WordPress EmbedPress plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability — EmbedPressCWE-79 6.5 Medium2024-10-28
CVE-2024-47385 WordPress Essential Blocks plugin <= 4.8.4 - Cross Site Scripting (XSS) vulnerability — Essential Blocks for GutenbergCWE-79 6.5 Medium2024-10-05

This page lists every published CVE security advisory associated with WPDeveloper. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.