Browse all 4 CVE security advisories affecting Webnus. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Webnus develops WordPress themes and plugins primarily for website building and e-commerce solutions. Historically, their products have been associated with multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) issues, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the presence of four CVEs indicates a pattern of security shortcomings that could potentially allow attackers to compromise websites running their software. Users should implement strict access controls and maintain regular updates to mitigate risks associated with these vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-6522 | Modern Events Calendar <= 7.12.1 - Authenticated (Subscriber+) Server Side Request Forgery — Modern Events CalendarCWE-918 | 8.5 | High | 2024-08-07 |
| CVE-2024-5441 | Modern Events Calendar <= 7.11.0 - Authenticated (Subscriber+) Arbitrary File Upload — Modern Events CalendarCWE-434 | 8.8 | High | 2024-07-09 |
This page lists every published CVE security advisory associated with Webnus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.