WPWeb — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting WPWeb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPWeb operates as a provider of web hosting and domain registration services, primarily targeting small to medium-sized enterprises and individual developers seeking managed infrastructure solutions. Security audits have identified twenty-five distinct Common Vulnerabilities and Exposures (CVEs) associated with its platform, indicating a persistent pattern of implementation flaws. The most prevalent vulnerability classes include Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from inadequate input validation in custom control panels. Additionally, several instances of privilege escalation have been documented, allowing unauthorized users to gain administrative access to client accounts. While WPWeb has issued patches for critical issues, the high volume of recorded CVEs suggests inconsistent security hygiene in its software development lifecycle. These incidents highlight significant risks for clients relying on the platform for sensitive data storage, necessitating rigorous third-party security assessments and strict access controls to mitigate potential breaches.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68547 | WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability | Follow My Blog Post | CWE-862 | 7.5 | High | 2026-01-05 |
| CVE-2025-64258 | WordPress Follow My Blog Post plugin <= 2.3.9 - Sensitive Data Exposure vulnerability | Follow My Blog Post | CWE-497 | 7.5 | High | 2025-12-18 |
| CVE-2025-39472 | WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability | WooCommerce Social Login | CWE-352 | 4.3 | Medium | 2025-04-16 |
| CVE-2024-56265 | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Cross Site Scripting (XSS) vulnerability | WooCommerce PDF Vouchers | CWE-79 | 7.1 | High | 2024-12-31 |
| CVE-2024-54383 | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerability | WooCommerce PDF Vouchers | CWE-266 | 9.8 | Critical | 2024-12-18 |
| CVE-2024-10114 | Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth provider | WooCommerce - Social Login | CWE-287 | 8.1 | High | 2024-11-05 |
| CVE-2024-49272 | WordPress Social Auto Poster plugin <= 5.3.15 - Cross Site Request Forgery (CSRF) vulnerability | Social Auto Poster | CWE-352 | 4.3 | Medium | 2024-10-20 |
| CVE-2024-47369 | WordPress Social Auto Poster plugin <= 5.3.15 - Reflected Cross Site Scripting (XSS) vulnerability | Social Auto Poster | CWE-79 | 7.1 | High | 2024-10-05 |
| CVE-2024-43131 | WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerability | Docket (WooCommerce Collections / Wishlist / Watchlist) | CWE-863 | 7.5 | High | 2024-08-13 |
| CVE-2024-39651 | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Arbitrary File Deletion vulnerability | WooCommerce PDF Vouchers | CWE-22 | 8.6 | High | 2024-08-13 |
| CVE-2024-7503 | WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover | WooCommerce - Social Login | CWE-288 | 9.8 | Critical | 2024-08-10 |
| CVE-2024-6755 | Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | Social Auto Poster | CWE-862 | 6.5 | Medium | 2024-07-24 |
| CVE-2024-6754 | Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template | Social Auto Poster | CWE-862 | 5.4 | Medium | 2024-07-24 |
| CVE-2024-7027 | WooCommerce - PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher Vendor | WooCommerce - PDF Vouchers | CWE-288 | 7.3 | High | 2024-07-24 |
| CVE-2024-6751 | Social Auto Poster <= 5.3.14 - Cross-Site Request Forgery via Multiple Functions | Social Auto Poster | CWE-352 | 6.3 | Medium | 2024-07-24 |
| CVE-2024-6753 | Social Auto Poster <= 5.3.14 - Unauthenticated Stored Cross-Site Scripting | Social Auto Poster | CWE-79 | 7.2 | High | 2024-07-24 |
| CVE-2024-6752 | Social Auto Poster <= 5.3.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting | Social Auto Poster | CWE-79 | 6.4 | Medium | 2024-07-24 |
| CVE-2024-6750 | Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions | Social Auto Poster | CWE-862 | 7.3 | High | 2024-07-24 |
| CVE-2024-6756 | Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload | Social Auto Poster | CWE-434 | 8.8 | High | 2024-07-24 |
| CVE-2024-6636 | WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation | WooCommerce - Social Login | CWE-862 | 9.8 | Critical | 2024-07-20 |
| CVE-2024-6635 | WooCommerce - Social Login <= 2.7.3 - Unauthenticated Authentication Bypass | WooCommerce - Social Login | CWE-288 | 7.3 | High | 2024-07-20 |
| CVE-2024-6637 | WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password | WooCommerce - Social Login | CWE-305 | 7.3 | High | 2024-07-20 |
| CVE-2024-37502 | WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability | WooCommerce Social Login | CWE-502 | 5.4 | Medium | 2024-07-09 |
| CVE-2024-5871 | WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection | WooCommerce - Social Login | CWE-502 | 9.8 | Critical | 2024-06-15 |
| CVE-2024-5868 | WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness | WooCommerce - Social Login | CWE-330 | 6.5 | Medium | 2024-06-15 |

This page lists every published CVE security advisory associated with WPWeb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.