Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPVibes — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting WPVibes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPVibes operates as a white-label solution provider, enabling businesses to launch customized WordPress-based platforms for content, e-commerce, and social networking. Despite its utility, the platform has accumulated thirty-four recorded Common Vulnerabilities and Exposures, reflecting significant historical security deficiencies. These flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from inadequate input validation and insufficient access controls within its modular architecture. The high volume of CVEs suggests systemic issues in code review processes and dependency management, allowing attackers to compromise server integrity or steal user data. While specific major public breaches are not widely documented in mainstream media, the persistent nature of these vulnerabilities indicates a critical need for rigorous patching and security auditing. Organizations utilizing WPVibes must prioritize immediate updates and implement strict security monitoring to mitigate the risk of exploitation inherent in its current software state.

Top products by WPVibes: Addon Elements for Elementor (formerly Elementor Addon Elements) Elementor Addon Elements WP Mail Log Form Vibes – Database Manager for Forms Redirect 404 Error Page to Homepage or Custom Page with Logs Dynific Addons for Elementor (formerly AnyWhere Elementor) AnyWhere Elementor Pro
CVE IDTitleCVSSSeverityPublished
CVE-2026-28131 WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability — Elementor Addon ElementsCWE-201 6.5 Medium2026-02-26
CVE-2025-13409 Form Vibes – Database Manager for Forms <= 1.4.13 - Authenticated (Admin+) SQL Injection — Form Vibes – Database Manager for FormsCWE-89 4.9 Medium2026-01-06
CVE-2025-31046 WordPress AnyWhere Elementor Pro plugin <= 2.29 - Broken Access Control Vulnerability — AnyWhere Elementor ProCWE-862 4.3 Medium2026-01-05
CVE-2025-12537 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2025-12-14
CVE-2024-13215 Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-359 4.3 Medium2025-01-15
CVE-2024-10777 AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure — Dynific Addons for Elementor (formerly AnyWhere Elementor)CWE-639 4.3 Medium2024-12-05
CVE-2024-47361 WordPress Elementor Addon Elements plugin <= 1.13.6 - Broken Access Control vulnerability — Elementor Addon ElementsCWE-862 6.5 Medium2024-11-01
CVE-2024-8902 Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-200 4.3 Medium2024-10-12
CVE-2024-47366 WordPress Elementor Addon Elements plugin <= 1.13.6 - Cross Site Scripting (XSS) vulnerability — Elementor Addon ElementsCWE-79 6.5 Medium2024-10-06
CVE-2024-5309 Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions — Form Vibes – Database Manager for FormsCWE-862 5.4 Medium2024-09-05
CVE-2024-7122 Elementor Addon Elements <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-08-30
CVE-2024-4401 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-08-30
CVE-2024-5325 Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data — Form Vibes – Database Manager for FormsCWE-89 8.8 High2024-07-12
CVE-2024-4570 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-06-27
CVE-2024-4569 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-06-27
CVE-2024-2092 Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 5.4 Medium2024-06-12
CVE-2024-3743 Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-05-02
CVE-2024-2792 Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-04-09
CVE-2024-30422 WordPress Elementor Addon Elements plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerability — Elementor Addon ElementsCWE-79 6.5 Medium2024-03-28
CVE-2024-2091 Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 5.4 Medium2024-03-28
CVE-2024-29107 WordPress Elementor Addon Elements plugin <= 1.12.10 - Cross Site Scripting (XSS) vulnerability — Elementor Addon ElementsCWE-79 6.5 Medium2024-03-19
CVE-2024-1393 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-03-13
CVE-2024-1391 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-03-13
CVE-2024-1422 Elementor Addon Elements <= 1.12.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Modal Popup effet — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-03-13
CVE-2024-1392 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 6.4 Medium2024-03-13
CVE-2024-1358 Elementor Addon Elements <= 1.12.12 - Directory Traversal to Local File Inclusion — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-22 8.8 High2024-03-13
CVE-2023-51410 WordPress WP Mail Log Plugin <= 1.1.2 is vulnerable to Arbitrary File Upload — WP Mail LogCWE-434 9.9 Critical2023-12-29
CVE-2023-47530 WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin <= 1.8.7 is vulnerable to SQL Injection — Redirect 404 Error Page to Homepage or Custom Page with LogsCWE-89 7.6 High2023-12-18
CVE-2023-5381 Elementor Addon Elements <= 1.12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-79 4.4 Medium2023-11-15
CVE-2023-4690 Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery — Addon Elements for Elementor (formerly Elementor Addon Elements)CWE-352 5.4 Medium2023-11-15

This page lists every published CVE security advisory associated with WPVibes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.