Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPMU DEV - Your All-in-One WordPress Platform — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting WPMU DEV - Your All-in-One WordPress Platform. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPMU DEV provides an all-in-one WordPress platform including themes, plugins, and hosting solutions. Historically, its products have been associated with multiple security vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), privilege escalation, and authentication bypass issues. The platform has accumulated 11 CVEs to date, with vulnerabilities often stemming from insufficient input validation, improper access controls, and insecure deserialization. While no major public security incidents have been widely documented, the consistent presence of vulnerabilities across multiple components suggests a need for rigorous security testing and prompt patch management by users implementing WPMU DEV solutions.

Top products by WPMU DEV - Your All-in-One WordPress Platform: Hummingbird Forminator Branda Defender Security SmartCrawl Smush Image Compression and Optimization Hustle Broken Link Checker
CVE IDTitleCVSSSeverityPublished
CVE-2026-39466 WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection vulnerability — Broken Link CheckerCWE-89 7.6 High2026-04-08
CVE-2026-32409 WordPress Forminator plugin <= 1.50.2 - Broken Access Control vulnerability — ForminatorCWE-862 5.3 Medium2026-03-13
CVE-2026-24998 WordPress Hustle plugin <= 7.8.9.2 - Sensitive Data Exposure vulnerability — HustleCWE-497 5.3 Medium2026-02-03
CVE-2025-22288 WordPress Smush Image Compression and Optimization plugin <= 3.17.0 - Directory Traversal vulnerability — Smush Image Compression and OptimizationCWE-35 4.1 Medium2025-11-06
CVE-2025-62048 WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability — SmartCrawlCWE-862 5.4 Medium2025-10-22
CVE-2024-37444 WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability — Defender SecurityCWE-862 5.3 Medium2024-11-01
CVE-2024-43118 WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability — HummingbirdCWE-862 4.3 Medium2024-11-01
CVE-2024-43117 WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability — HummingbirdCWE-352 4.3 Medium2024-08-26
CVE-2024-37239 WordPress Branda plugin <= 3.4.17 - Cross Site Scripting (XSS) vulnerability — BrandaCWE-79 5.9 Medium2024-07-22
CVE-2024-32792 WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability — HummingbirdCWE-862 4.3 Medium2024-06-09
CVE-2024-29777 WordPress Forminator plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability — ForminatorCWE-79 7.1 High2024-03-27

This page lists every published CVE security advisory associated with WPMU DEV - Your All-in-One WordPress Platform. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.