Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPKube — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting WPKube. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPKube is a WordPress resource hub providing tutorials, plugins, and themes to enhance website functionality. Historically, its offerings have been associated with multiple security vulnerabilities, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws. The platform has recorded 15 CVEs, with several critical issues allowing attackers to bypass security controls, execute arbitrary code, or gain unauthorized administrative access. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in its extensions suggests potential risks for users implementing these resources without proper hardening or regular updates.

Top products by WPKube: Authors List Social Sharing Plugin – Kiwi Subscribe To Comments Reloaded Simple Basic Contact Form Cool Tag Cloud Subscribe To Comments Reloaded (WordPress plugin) Kiwi
CVE IDTitleCVSSSeverityPublished
CVE-2026-4409 Subscribe To Comments Reloaded <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management — Subscribe To Comments ReloadedCWE-200 6.5 Medium2026-05-05
CVE-2025-69011 WordPress Cool Tag Cloud plugin <= 2.29 - Cross Site Scripting (XSS) vulnerability — Cool Tag CloudCWE-79 6.5 Medium2026-02-20
CVE-2025-13614 Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting — Cool Tag CloudCWE-79 8.1 High2025-12-05
CVE-2025-12010 Authors List <= 2.0.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Limited Method Call in Plugin's Shortcode — Authors ListCWE-200 6.5 Medium2025-11-11
CVE-2025-58792 WordPress Authors List plugin <= 2.0.6.2 - Cross Site Request Forgery (CSRF) vulnerability — Authors ListCWE-352 4.3 Medium2025-09-05
CVE-2025-58790 WordPress Kiwi Plugin <= 2.1.8 - Cross Site Scripting (XSS) Vulnerability — KiwiCWE-79 6.5 Medium2025-09-05
CVE-2024-13806 Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution — Authors ListCWE-94 6.5 Medium2025-03-01
CVE-2024-10952 Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax — Authors ListCWE-94 7.3 High2024-12-04
CVE-2024-3228 Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure — Social Sharing Plugin – KiwiCWE-200 5.3 Medium2024-07-09
CVE-2024-4144 Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution — Simple Basic Contact FormCWE-94 6.5 Medium2024-05-14
CVE-2024-4150 Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting — Simple Basic Contact FormCWE-79 6.1 Medium2024-05-09
CVE-2024-31249 WordPress Subscribe To Comments Reloaded plugin <= 220725 - Sensitive Data Exposure vulnerability — Subscribe To Comments ReloadedCWE-532 5.3 Medium2024-04-10
CVE-2023-37981 WordPress Authors List Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS) — Authors ListCWE-79 7.1 High2023-07-27
CVE-2021-4362 WordPress Plugin Kiwi Social Share 安全漏洞 — Social Sharing Plugin – Kiwi 9.8 Critical2023-06-07
CVE-2022-29414 WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities — Subscribe To Comments Reloaded (WordPress plugin)CWE-352 5.4 Medium2022-04-29

This page lists every published CVE security advisory associated with WPKube. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.