WeDevs — Vulnerabilities & Security Advisories (79)

Browse all 79 CVE security advisories affecting WeDevs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

weDevs operates as a prominent WordPress plugin developer, primarily serving the e-commerce and educational sectors through products like WooCommerce and LearnPress. With seventy-seven Common Vulnerabilities and Exposures (CVEs) currently on record, the company’s software has historically been susceptible to critical security flaws, most notably Remote Code Execution (RCE) and Cross-Site Scripting (XSS). These vulnerabilities frequently stemmed from insufficient input validation and improper access controls, allowing attackers to escalate privileges or execute arbitrary code on affected sites. While specific major incidents involving widespread data breaches are not extensively documented in public threat intelligence feeds, the high volume of CVEs indicates persistent challenges in securing codebases against injection attacks. This pattern underscores the risks associated with complex WordPress ecosystems, where plugin vulnerabilities often serve as primary entry points for site compromise, necessitating rigorous security audits and timely patch management for users relying on these tools.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-0609 | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.13.1 - Unauthenticated Stored Cross-Site Scripting | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | CWE-79 | 7.2 | High | 2024-03-29 |
| CVE-2024-0608 | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (Subscriber+) SQL Injection | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | CWE-89 | 6.5 | Medium | 2024-03-29 |
| CVE-2024-0913 | WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | CWE-89 | 7.2 | High | 2024-03-29 |
| CVE-2024-24711 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability | WooCommerce Conversion Tracking | CWE-862 | 4.3 | Medium | 2024-03-26 |
| CVE-2023-6632 | Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting | Happy Addons for Elementor Pro | CWE-79 | 6.1 | Medium | 2024-01-11 |
| CVE-2024-21747 | WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | CWE-89 | 7.6 | High | 2024-01-08 |
| CVE-2023-26525 | WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection | Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy | CWE-89 | 7.1 | High | 2023-12-20 |
| CVE-2023-34382 | WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection | Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy | CWE-502 | 4.4 | Medium | 2023-12-19 |
| CVE-2023-49860 | WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts | CWE-79 | 6.5 | Medium | 2023-12-14 |
| CVE-2023-34383 | WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection | WP Project Manager | CWE-89 | 8.5 | High | 2023-11-03 |
| CVE-2023-3636 | WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-269 | 8.8 | High | 2023-08-31 |
| CVE-2023-34008 | WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS) | WP ERP | CWE-79 | 7.1 | High | 2023-08-30 |
| CVE-2023-28989 | WordPress Happy Addons for Elementor Plugin <= 3.8.2 is vulnerable to Cross Site Request Forgery (CSRF) | Happy Addons for Elementor | CWE-352 | 4.3 | Medium | 2023-07-10 |
| CVE-2020-36745 | WP Project Manager <= 2.4.0 - Cross-Site Request Forgery Bypass | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36735 | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2023-1844 | Subscribe2 <= 10.40 - Missing Authorization | Subscribe2 – Form, Email Subscribers & Newsletters | CWE-862 | 4.3 | Medium | 2023-06-28 |
| CVE-2023-3407 | Subscribe2 <= 10.40 - Cross-Site Request Forgery | Subscribe2 – Form, Email Subscribers & Newsletters | CWE-352 | 4.3 | Medium | 2023-06-28 |
| CVE-2021-36826 | WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability | WP Project Manager (WordPress plugin) | CWE-79 | 5.4 | Medium | 2022-04-04 |
| CVE-2021-24292 | Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS | Happy Addons for Elementor | CWE-79 | 5.4 | - | 2021-05-17 |

This page lists every published CVE security advisory associated with WeDevs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.