Browse all 4 CVE security advisories affecting WebAppick. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WebAppick is a WordPress plugin suite providing e-commerce and content management solutions. Historically, the plugin has been susceptible to multiple security vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls. With four CVEs documented, WebAppick has faced repeated security concerns, particularly in versions prior to 2020. The plugin's complex functionality and integration with multiple WordPress systems have created multiple attack surfaces. While recent versions have addressed some vulnerabilities, the plugin's history demonstrates ongoing challenges in maintaining secure coding practices across its feature set.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22461 | WordPress CTX Feed plugin <= 6.6.18 - Broken Access Control vulnerability (CTX Feed, CWE-862) | 5.3 | Medium | 2026-01-22 |
| CVE-2025-47462 | WordPress Challan plugin <= 3.7.58 - CSRF to Privilege Escalation vulnerability (Challan, CWE-352) | 8.8 | High | 2025-05-07 |
| CVE-2024-38775 | WordPress CTX Feed plugin <= 6.5.6 - Arbitrary Options Update vulnerability (CTX Feed, CWE-269) | 7.2 | High | 2024-08-01 |
| CVE-2019-1010124 | WebAppick WooCommerce Product Feed cross-site scripting vulnerability (WooCommerce Product Feed) | 5.4 | - | 2019-07-23 |

This page lists every published CVE security advisory associated with WebAppick. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.