Browse all 4 CVE security advisories affecting WPFable. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPFable is a Windows Presentation Foundation component library used for building desktop applications with rich UI elements. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities due to insecure deserialization, improper input validation, and permission misconfigurations. The four CVEs recorded highlight these recurring issues, with some allowing attackers to execute arbitrary code through crafted XAML files or manipulate UI elements to bypass security controls. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests developers should implement strict input sanitization and apply security patches when using WPFable in production environments.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-46468 | WordPress Fable Extra plugin <= 1.0.6 - Local File Inclusion Vulnerability — Fable Extra, CWE-98 | 9.8 | Critical | 2025-05-23 |
| CVE-2025-46539 | WordPress Fable Extra plugin <= 1.0.6 - SQL Injection Vulnerability — Fable Extra, CWE-89 | 9.3 | Critical | 2025-05-23 |
| CVE-2025-46447 | WordPress Fable Extra plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability — Fable Extra, CWE-79 | 6.5 | Medium | 2025-04-24 |

This page lists every published CVE security advisory associated with WPFable. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.