
WPFactory — Vulnerabilities & Security Advisories (47)

Browse all 47 CVE security advisories affecting WPFactory. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPFactory operates as a software development firm specializing in WordPress plugins and themes, catering to web developers and site administrators seeking extended functionality. Historically, its products have been associated with forty-seven recorded Common Vulnerabilities and Exposures (CVEs), predominantly involving remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper capability checks within plugin code, allowing unauthenticated attackers to compromise affected sites. While specific major incidents are rarely publicized as distinct breaches, the high volume of CVEs indicates systemic security oversight in the development lifecycle. The company’s portfolio includes popular tools for SEO, security, and page building, yet the recurring nature of these exploits highlights persistent challenges in maintaining secure coding standards for widely deployed WordPress extensions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-31848 | WordPress WordPress Adverts Plugin plugin <= 1.4 - Broken Access Control vulnerability | Adverts | CWE-862 | 5.3 | Medium | 2025-04-01 |
| CVE-2025-31598 | WordPress Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin <= 4.0.3 - Stored Cross Site Scripting (XSS) vulnerability | Quantity Dynamic Pricing & Bulk Discounts for WooCommerce | CWE-79 | 6.5 | Medium | 2025-03-31 |
| CVE-2025-22673 | WordPress EAN Barcode Generator <= 5.3.5 - Broken Access Control vulnerability | EAN for WooCommerce | CWE-862 | 4.3 | Medium | 2025-03-27 |
| CVE-2025-30781 | WordPress Scheduled & Automatic Order Status Controller for WooCommerce plugin <= 3.7.1 - Open Redirection Vulnerability | Scheduled & Automatic Order Status Controller for WooCommerce | CWE-601 | 4.7 | Medium | 2025-03-27 |
| CVE-2024-56228 | WordPress Wishlist for WooCommerce: Multi Wishlists Per Customer plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability | Wishlist for WooCommerce | CWE-79 | 7.1 | High | 2024-12-31 |
| CVE-2024-54332 | WordPress WP Currency Exchange Rates plugin <= 1.2.0 - CSRF to Stored XSS vulnerability | WP Currency Exchange Rates | CWE-352 | 7.1 | High | 2024-12-16 |
| CVE-2023-23868 | WordPress Cost of Goods for WooCommerce plugin <= 2.8.6 - Broken Access Control vulnerability | Cost of Goods for WooCommerce | CWE-862 | 5.4 | Medium | 2024-12-09 |
| CVE-2024-54209 | WordPress Awesome Shortcodes plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability | Awesome Shortcodes | CWE-79 | 7.1 | High | 2024-12-06 |
| CVE-2024-44061 | WordPress EU/UK VAT Manager for WooCommerce plugin <= 2.12.14 - CSRF to Cross Site Scripting (XSS) vulnerability | EU/UK VAT Manager for WooCommerce | CWE-79 | 7.1 | High | 2024-10-20 |
| CVE-2024-49305 | WordPress Customer Email Verification for WooCommerce plugin <= 2.8.10 - SQL Injection vulnerability | Email Verification for WooCommerce | CWE-89 | 9.3 | Critical | 2024-10-17 |
| CVE-2024-43127 | WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.11 - Reflected Cross Site Scripting (XSS) vulnerability | Products, Order & Customers Export for WooCommerce | CWE-79 | 7.1 | High | 2024-08-12 |
| CVE-2024-31276 | WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability | Products, Order & Customers Export for WooCommerce | CWE-862 | 5.3 | Medium | 2024-06-09 |
| CVE-2024-34370 | WordPress EAN for WooCommerce plugin <= 4.8.9 - Arbitrary Option Update to Privilege Escalation vulnerability | EAN for WooCommerce | CWE-269 | 7.2 | High | 2024-05-17 |
| CVE-2024-30536 | WordPress Slugs Manager plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) vulnerability | Slugs Manager | CWE-352 | 4.3 | Medium | 2024-03-31 |
| CVE-2023-51399 | WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS) | Back Button Widget | CWE-79 | 6.5 | Medium | 2023-12-29 |
| CVE-2023-47547 | WordPress Products, Order & Customers Export for WooCommerce Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) | Products, Order & Customers Export for WooCommerce | CWE-79 | 7.1 | High | 2023-11-14 |
| CVE-2023-36689 | WordPress WPFactory Helper Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS) | WPFactory Helper | CWE-79 | 7.1 | High | 2023-08-05 |

This page lists every published CVE security advisory associated with WPFactory. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.