Browse all 16 CVE security advisories affecting WPSwings. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wpswings develops WordPress plugins primarily for e-commerce and business management solutions. Historically, their plugins have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities across their products has resulted in 16 CVEs to date, indicating systemic security weaknesses in their development practices. Their plugins' broad functionality and integration with multiple WordPress systems increase potential attack surfaces when vulnerabilities are present.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1926 | Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation — Subscriptions for WooCommerceCWE-862 | 5.3 | Medium | 2026-03-18 |
This page lists every published CVE security advisory associated with WPSwings. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.