Browse all 4 CVE security advisories affecting WPMinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wpminds develops WordPress-focused plugins and themes for website enhancement, with a core use case of extending functionality for content management systems. Historically, their products have been susceptible to common web vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, as evidenced by their four recorded CVEs. Security assessments reveal that input validation and authentication mechanisms have been recurring weak points. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their WordPress ecosystem suggests a need for enhanced security development practices to mitigate risks for their user base.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-32594 | WordPress Simple WP Events plugin <= 1.8.17 - Sensitive Data Exposure vulnerability — Simple WP EventsCWE-201 | 7.5 | High | 2025-04-17 |
| CVE-2025-32509 | WordPress Simple WP Events plugin <= 1.8.17 - Arbitrary File Deletion vulnerability — Simple WP EventsCWE-22 | 7.5 | High | 2025-04-11 |
| CVE-2025-2004 | Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion — Simple WP EventsCWE-73 | 9.1 | Critical | 2025-04-08 |
| CVE-2025-32193 | WordPress Simple WP Events plugin <= 1.8.17 - Cross Site Scripting (XSS) vulnerability — Simple WP EventsCWE-79 | 6.5 | Medium | 2025-04-04 |
This page lists every published CVE security advisory associated with WPMinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.