
WPFactory — Vulnerabilities & Security Advisories (47)

Browse all 47 CVE security advisories affecting WPFactory. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPFactory operates as a software development firm specializing in WordPress plugins and themes, catering to web developers and site administrators seeking extended functionality. Historically, its products have been associated with forty-seven recorded Common Vulnerabilities and Exposures (CVEs), predominantly involving remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper capability checks within plugin code, allowing unauthenticated attackers to compromise affected sites. While specific major incidents are rarely publicized as distinct breaches, the high volume of CVEs indicates systemic security oversight in the development lifecycle. The company’s portfolio includes popular tools for SEO, security, and page building, yet the recurring nature of these exploits highlights persistent challenges in maintaining secure coding standards for widely deployed WordPress extensions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24993 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vulnerability | Advanced WooCommerce Product Sales Reporting | CWE-89 | 9.3 | Critical | 2026-03-25 |
| CVE-2026-23977 | WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability | Helpdesk Support Ticket System for WooCommerce | CWE-862 | 7.5 | High | 2026-03-25 |
| CVE-2026-24992 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.2 - Sensitive Data Exposure vulnerability | Advanced WooCommerce Product Sales Reporting | CWE-201 | 5.3 | Medium | 2026-02-03 |
| CVE-2025-69334 | WordPress Wishlist for WooCommerce plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability | Wishlist for WooCommerce | CWE-79 | 6.5 | Medium | 2026-01-06 |
| CVE-2025-62096 | WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability | Maximum Products per User for WooCommerce | CWE-79 | 6.5 | Medium | 2025-12-31 |
| CVE-2025-68528 | WordPress Free Shipping Bar: Amount Left for Free Shipping for WooCommerce plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability | Free Shipping Bar: Amount Left for Free Shipping for WooCommerce | CWE-79 | 6.5 | Medium | 2025-12-24 |
| CVE-2025-57911 | WordPress Adverts Plugin <= 1.4 - Cross Site Scripting (XSS) Vulnerability | Adverts | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-57972 | WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerability | Helpdesk Support Ticket System for WooCommerce | CWE-862 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-58985 | WordPress Additional Custom Product Tabs for WooCommerce Plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability | Additional Custom Product Tabs for WooCommerce | CWE-79 | 6.5 | Medium | 2025-09-09 |
| CVE-2025-49887 | WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability | Product XML Feed Manager for WooCommerce | CWE-94 | 9.9 | Critical | 2025-08-14 |
| CVE-2025-30959 | WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability | Product XML Feed Manager for WooCommerce | CWE-862 | 6.5 | Medium | 2025-07-16 |
| CVE-2025-49319 | WordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control Vulnerability | Wishlist for WooCommerce | CWE-862 | 6.5 | Medium | 2025-07-16 |
| CVE-2025-49987 | WordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control Vulnerability | CRM ERP Business Solution | CWE-862 | 5.3 | Medium | 2025-06-20 |
| CVE-2025-49510 | WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability | Min Max Step Quantity Limits Manager for WooCommerce | CWE-352 | 4.3 | Medium | 2025-06-10 |
| CVE-2025-48254 | WordPress Change Add to Cart Button Text for WooCommerce plugin <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability | Change Add to Cart Button Text for WooCommerce | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-48253 | WordPress Free Shipping Bar: Amount Left for Free Shipping for WooCommerce plugin <= 2.4.6 - Cross Site Scripting (XSS) Vulnerability | Free Shipping Bar: Amount Left for Free Shipping for WooCommerce | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-48252 | WordPress Back Button Widget plugin <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability | Back Button Widget | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-48250 | WordPress Coupons & Add to Cart by URL Links for WooCommerce plugin <= 1.7.7 - Cross Site Scripting (XSS) Vulnerability | Coupons & Add to Cart by URL Links for WooCommerce | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-48251 | WordPress Additional Custom Emails & Recipients for WooCommerce plugin <= 3.5.1 - Cross Site Scripting (XSS) Vulnerability | Additional Custom Emails & Recipients for WooCommerce | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-48248 | WordPress Sitewide Discount for WooCommerce: Apply Discount to All Products plugin <= 2.2.1 - Cross Site Scripting (XSS) Vulnerability | Sitewide Discount for WooCommerce: Apply Discount to All Products | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-48249 | WordPress EAN for WooCommerce plugin <= 5.4.6 - Cross Site Scripting (XSS) Vulnerability | EAN for WooCommerce | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-48240 | WordPress Cost of Goods for WooCommerce plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability | Cost of Goods for WooCommerce | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-48239 | WordPress Product Notes Tab & Private Admin Notes for WooCommerce plugin <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability | Product Notes Tab & Private Admin Notes for WooCommerce | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-48237 | WordPress Wishlist for WooCommerce plugin <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability | Wishlist for WooCommerce | CWE-79 | 6.5 | Medium | 2025-05-19 |
| CVE-2025-47504 | WordPress Custom Checkout Fields for WooCommerce plugin <= 1.8.3 - Cross Site Scripting (XSS) Vulnerability | Custom Checkout Fields for WooCommerce | CWE-79 | 6.5 | Medium | 2025-05-07 |
| CVE-2025-32552 | WordPress MSRP (RRP) Pricing for WooCommerce Plugin <= 1.8.1 - Reflected Cross Site Scripting (XSS) vulnerability | MSRP (RRP) Pricing for WooCommerce | CWE-79 | 7.1 | High | 2025-04-17 |
| CVE-2025-32674 | WordPress Product Excel Import Export & Bulk Edit for WooCommerce plugin <= 4.7 - Cross Site Scripting (XSS) Vulnerability | Product Excel Import Export & Bulk Edit for WooCommerce | CWE-79 | 7.1 | High | 2025-04-17 |
| CVE-2025-39601 | WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability | Custom CSS, JS & PHP | CWE-352 | 9.6 | Critical | 2025-04-16 |
| CVE-2025-26749 | WordPress Additional Custom Product Tabs for WooCommerce plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | Additional Custom Product Tabs for WooCommerce | CWE-79 | 6.5 | Medium | 2025-04-15 |
| CVE-2025-31553 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.1 - SQL Injection vulnerability | Advanced WooCommerce Product Sales Reporting | CWE-89 | 9.3 | Critical | 2025-04-01 |

This page lists every published CVE security advisory associated with WPFactory. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.