Browse all 3 CVE security advisories affecting WebinarPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WebinarPress is a WordPress plugin for creating and managing webinar events. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has three CVEs on record, with issues ranging from insufficient input validation to improper access control. These vulnerabilities could allow attackers to execute arbitrary code, inject malicious scripts, or gain elevated privileges on affected sites. While no major public incidents have been widely reported, the consistent presence of critical vulnerabilities in the codebase indicates a need for rigorous security testing and prompt updates by users implementing this webinar solution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-43339 | WordPress WordPress Webinar Plugin – WebinarPress plugin <= 1.33.20 - Cross Site Request Forgery (CSRF) vulnerability — WebinarPressCWE-352 | 5.4 | Medium | 2024-08-26 |
| CVE-2024-34818 | WordPress Webinar plugin <= 1.33.17 - Cross Site Request Forgery (CSRF) vulnerability — WebinarPressCWE-352 | 7.1 | High | 2024-05-10 |
| CVE-2024-31256 | WordPress WebinarPress plugin <= 1.33.10 - Reflected Cross Site Scripting (XSS) vulnerability — WebinarPressCWE-79 | 7.1 | High | 2024-04-07 |
This page lists every published CVE security advisory associated with WebinarPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.