Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPdevart — Vulnerabilities & Security Advisories 38

Browse all 38 CVE security advisories affecting WPdevart. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WpDevArt is a software vendor specializing in premium plugins and extensions for the WordPress content management system. Their portfolio includes tools for page building, SEO optimization, and e-commerce functionality, targeting developers and site administrators seeking enhanced platform capabilities. Security audits have identified thirty-seven Common Vulnerabilities and Exposures (CVEs) associated with their products, indicating a persistent pattern of security deficiencies. Historically, these vulnerabilities frequently manifest as remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and inadequate access controls within the codebase. While no single catastrophic data breach has been publicly attributed solely to WpDevArt, the high volume of disclosed CVEs suggests systemic issues in their development lifecycle. Users are advised to exercise caution, ensuring all components are regularly updated and monitored for known exploits to mitigate potential compromise of their WordPress environments.

Found 10 results / 38Clear Filters
Top products by WPdevart: Booking calendar, Appointment Booking System Responsive Image Gallery, Gallery Album Gallery – Image and Video Gallery with Thumbnails Organization chart Responsive Vertical Icon Menu YouTube Embed, Playlist and Popup by WpDevArt Contact Form Builder, Contact Widget Widget Countdown Contact Form Builder Poll, Survey, Questionnaire and Voting system Countdown Timer – Widget Countdown Pricing Table builder Coming soon and Maintenance mode Countdown and CountUp, WooCommerce Sales Timer Image and Video Lightbox, Image PopUp Poll, Survey, Questionnaire and Voting system (WordPress plugin) Countdown and CountUp, WooCommerce Sales Timers
CVE IDTitleCVSSSeverityPublished
CVE-2026-25435 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Cross Site Scripting (XSS) vulnerability — Booking calendar, Appointment Booking SystemCWE-79 7.1 High2026-03-25
CVE-2025-67574 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability — Booking calendar, Appointment Booking SystemCWE-862 5.3 Medium2025-12-09
CVE-2024-12077 Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' — Booking calendar, Appointment Booking SystemCWE-79 6.1 Medium2025-01-07
CVE-2024-10856 Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection — Booking calendar, Appointment Booking SystemCWE-89 6.5 Medium2024-12-24
CVE-2023-24407 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability — Booking calendar, Appointment Booking SystemCWE-862 5.0 Medium2024-12-09
CVE-2024-9504 Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload — Booking calendar, Appointment Booking SystemCWE-434 7.2 High2024-11-26
CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability — Booking calendar, Appointment Booking SystemCWE-472 3.7 Low2024-06-03
CVE-2022-47428 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.7 is vulnerable to SQL Injection — Booking calendar, Appointment Booking SystemCWE-89 6.7 Medium2023-11-06
CVE-2022-47438 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS) — Booking calendar, Appointment Booking SystemCWE-79 5.9 Medium2023-03-29
CVE-2023-24388 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF) — Booking calendar, Appointment Booking SystemCWE-352 5.4 Medium2023-02-17

This page lists every published CVE security advisory associated with WPdevart. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.