Wow-Company — Vulnerabilities & Security Advisories (26)

Browse all 26 CVE security advisories affecting Wow-Company. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wow-Company operates as a prominent provider of enterprise resource planning software, facilitating complex supply chain and financial management workflows for large organizations. Security audits have identified twenty-six distinct Common Vulnerabilities and Exposures (CVEs) associated with its platform, indicating a persistent pattern of technical debt. The most frequently observed vulnerability classes include remote code execution and cross-site scripting, which often stem from insufficient input validation in legacy modules. Additionally, several instances of broken access control have led to unauthorized privilege escalation, allowing lower-tier users to manipulate critical system configurations. While no single catastrophic data breach has been publicly attributed solely to Wow-Company, the cumulative effect of these flaws has raised significant concerns among security researchers. The organization’s reliance on outdated authentication mechanisms further exacerbates these risks, necessitating immediate remediation efforts to prevent potential exploitation by malicious actors targeting its extensive user base.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-53258 | WordPress Hover Effects plugin <= 2.1.2 - SQL Injection Vulnerability | Hover Effects | CWE-89 | 7.6 | High | 2025-06-27 |
| CVE-2025-30912 | WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | Float menu | CWE-352 | 5.4 | Medium | 2025-03-27 |
| CVE-2025-26760 | WordPress Calculator Builder plugin <= 1.6.2 - Local File Inclusion vulnerability | Calculator Builder | CWE-98 | 7.5 | High | 2025-02-22 |
| CVE-2025-24699 | WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability | WP Coder | CWE-352 | 7.1 | High | 2025-02-14 |
| CVE-2025-24724 | WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | Side Menu Lite | CWE-352 | 5.4 | Medium | 2025-01-24 |
| CVE-2025-24716 | WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | Herd Effects | CWE-352 | 5.4 | Medium | 2025-01-24 |
| CVE-2025-24717 | WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | Modal Window | CWE-352 | 5.4 | Medium | 2025-01-24 |
| CVE-2025-24713 | WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability | Button Generator – easily Button Builder | CWE-352 | 5.4 | Medium | 2025-01-24 |
| CVE-2025-24715 | WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | Counter Box | CWE-352 | 5.4 | Medium | 2025-01-24 |
| CVE-2025-24720 | WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | Sticky Buttons | CWE-352 | 5.4 | Medium | 2025-01-24 |
| CVE-2025-24714 | WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability | Bubble Menu – circle floating menu | CWE-352 | 5.4 | Medium | 2025-01-24 |
| CVE-2025-24711 | WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability | Popup Box | CWE-352 | 5.4 | Medium | 2025-01-24 |
| CVE-2023-49154 | WordPress Button Generator – easily Button Builder plugin <= 2.3.8 - Broken Access Control vulnerability | Button Generator – easily Button Builder | CWE-862 | 5.3 | Medium | 2024-12-09 |
| CVE-2024-43346 | WordPress Modal Window – create popup modal window plugin <= 6.0.3 - Cross Site Scripting (XSS) vulnerability | Modal Window | CWE-79 | 6.5 | Medium | 2024-08-18 |
| CVE-2024-35634 | Woocommerce – Recent Purchases plugin <= 1.0.1 - File Inclusion vulnerability | Woocommerce – Recent Purchases | CWE-22 | 4.9 | Medium | 2024-06-04 |
| CVE-2024-35629 | WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability | Easy Digital Downloads – Recent Purchases | CWE-98 | 9.6 | Critical | 2024-06-04 |
| CVE-2023-52149 | WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF) | Floating Button | CWE-352 | 5.4 | Medium | 2024-01-05 |
| CVE-2023-49155 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) | Button Generator – easily Button Builder | CWE-352 | 4.3 | Medium | 2023-12-18 |
| CVE-2023-27418 | WordPress Side Menu Lite Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) | Side Menu Lite – add sticky fixed buttons | CWE-352 | 4.3 | Medium | 2023-11-12 |
| CVE-2023-25443 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF) | Button Generator – easily Button Builder | CWE-352 | 4.3 | Medium | 2023-07-11 |
| CVE-2023-27452 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) | Button Generator – easily Button Builder | CWE-79 | 5.9 | Medium | 2023-06-22 |
| CVE-2023-23984 | WordPress Bubble Menu – circle floating menu Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF) | Bubble Menu – circle floating menu | CWE-352 | 5.4 | Medium | 2023-03-01 |
| CVE-2022-29447 | WordPress Hover Effects plugin <= 2.1 - Authenticated Local File Inclusion (LFI) vulnerability | Hover Effects – easily create any hover effect (WordPress plugin) | | 6.8 | Medium | 2022-05-20 |
| CVE-2022-29448 | WordPress Herd Effects plugin <= 5.2 - Local File Inclusion (LFI) vulnerability | Herd Effects (WordPress plugin) | | 6.8 | Medium | 2022-05-20 |
| CVE-2022-29446 | WordPress Counter Box plugin <= 1.1.1 - Authenticated Local File Inclusion (LFI) vulnerability | Counter Box (WordPress) | | 6.8 | Medium | 2022-05-19 |
| CVE-2022-29445 | WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability | Popup Box (WordPress plugin) | | 6.8 | Medium | 2022-05-18 |

This page lists every published CVE security advisory associated with Wow-Company. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.