
WPZOOM — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting WPZOOM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPZOOM operates as a developer of WordPress plugins and themes, primarily targeting small business owners and bloggers seeking customizable website solutions. Security audits have identified twenty-three Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem, reflecting significant historical security gaps. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions. While specific major public breaches directly attributed to WPZOOM products remain limited in widespread media coverage, the high volume of CVEs indicates a pattern of delayed patching and inadequate security testing during development. This profile underscores the risks inherent in using plugins with a history of poor security hygiene, necessitating rigorous third-party audits and immediate updates for any deployed instances.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4063 | Social Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation | Social Icons Widget & Block – Social Media Icons & Share Buttons | CWE-862 | 4.3 | Medium | 2026-03-13 |
| CVE-2026-2295 | WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more | WPZOOM Addons for Elementor – Starter Templates & Widgets | CWE-200 | 5.3 | Medium | 2026-02-11 |
| CVE-2025-67951 | WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability | WPZOOM Addons for Elementor | CWE-79 | 6.5 | Medium | 2025-12-16 |
| CVE-2025-62019 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.8 - Broken Access Control vulnerability | Recipe Card Blocks for Gutenberg & Elementor | CWE-862 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-8592 | Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation | Inspiro | CWE-352 | 8.1 | High | 2025-08-21 |
| CVE-2025-26983 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnerability | Recipe Card Blocks for Gutenberg & Elementor | CWE-862 | 4.3 | Medium | 2025-02-25 |
| CVE-2024-30424 | WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability | Beaver Builder Addons by WPZOOM | CWE-79 | 6.5 | Medium | 2024-11-19 |
| CVE-2024-43293 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability | Recipe Card Blocks for Gutenberg & Elementor | CWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-9027 | WPZOOM Shortcodes <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode | WPZOOM Shortcodes | CWE-79 | 6.4 | Medium | 2024-09-25 |
| CVE-2024-8276 | WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute | WPZOOM Portfolio Lite – Filterable Portfolio Plugin | CWE-79 | 6.4 | Medium | 2024-08-31 |
| CVE-2024-37464 | WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability | Beaver Builder Addons by WPZOOM | CWE-22 | 4.9 | Medium | 2024-07-09 |
| CVE-2024-5686 | WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget | WPZOOM Addons for Elementor – Starter Templates & Widgets | CWE-79 | 6.4 | Medium | 2024-06-20 |
| CVE-2024-30464 | WordPress Social Icons Widget & Block by WPZOOM plugin <= 4.2.15 - Broken Access Control vulnerability | Social Icons Widget & Block by WPZOOM | CWE-862 | 5.4 | Medium | 2024-06-09 |
| CVE-2024-5147 | WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.37 - Unauthenticated Local File Inclusion | WPZOOM Addons for Elementor – Starter Templates & Widgets | CWE-22 | 9.8 | Critical | 2024-05-22 |
| CVE-2024-4370 | WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget | WPZOOM Addons for Elementor – Starter Templates & Widgets | CWE-79 | 6.4 | Medium | 2024-05-14 |
| CVE-2024-33539 | WordPress WPZOOM Addons for Elementor plugin <= 1.1.35 - Cross Site Scripting (XSS) vulnerability | WPZOOM Addons for Elementor (Templates, Widgets) | CWE-79 | 6.5 | Medium | 2024-04-29 |
| CVE-2024-3662 | WPZOOM Social Feed Widget & Block <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion | WPZOOM Social Feed Widget & Block | CWE-862 | 4.3 | Medium | 2024-04-13 |
| CVE-2024-2183 | Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget | WPZOOM Addons for Beaver Builder | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2186 | Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget | WPZOOM Addons for Beaver Builder | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2181 | Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget | WPZOOM Addons for Beaver Builder | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2185 | Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget | WPZOOM Addons for Beaver Builder | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2187 | Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget | WPZOOM Addons for Beaver Builder | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-22162 | WordPress WPZOOM Shortcodes Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) | WPZOOM Shortcodes | CWE-79 | 7.1 | High | 2024-01-31 |

This page lists every published CVE security advisory associated with WPZOOM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.