Browse all 47 CVE security advisories affecting WPEverest. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPEverest operates as a software development entity primarily focused on creating WordPress plugins and themes, serving the content management ecosystem. Security audits have identified forty-seven distinct Common Vulnerabilities and Exposures (CVEs) associated with its products, highlighting significant historical security deficiencies. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and inadequate access controls within plugin architectures. These flaws have frequently allowed unauthenticated attackers to compromise site integrity, execute arbitrary code, or escalate user permissions. While specific major public incidents are not always individually cataloged in high-profile breach reports, the sheer volume of CVEs indicates a pattern of recurring security oversights. This track record suggests that WPEverest’s codebase has historically lacked rigorous security review processes, posing substantial risks to dependent websites and their administrators.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4882 | User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload — User Registration Advanced FieldsCWE-434 | 9.8 | Critical | 2026-05-02 |
This page lists every published CVE security advisory associated with WPEverest. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.