WpDevArt — Vulnerabilities & Security Advisories 38

Browse all 38 CVE security advisories affecting WpDevArt. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WpDevArt is a software vendor specializing in premium plugins and extensions for the WordPress content management system. Their portfolio includes tools for page building, SEO optimization, and e-commerce functionality, targeting developers and site administrators seeking enhanced platform capabilities. Security audits have identified thirty-seven Common Vulnerabilities and Exposures (CVEs) associated with their products, indicating a persistent pattern of security deficiencies. Historically, these vulnerabilities frequently manifest as remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and inadequate access controls within the codebase. While no single catastrophic data breach has been publicly attributed solely to WpDevArt, the high volume of disclosed CVEs suggests systemic issues in their development lifecycle. Users are advised to exercise caution, ensuring all components are regularly updated and monitored for known exploits to mitigate potential compromise of their WordPress environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-50959 | WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php | Contact Form Builder | CWE-79 | 6.1 | Medium | 2026-05-10 |
| CVE-2026-25435 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Cross Site Scripting (XSS) vulnerability | Booking calendar, Appointment Booking System | CWE-79 | 7.1 | High | 2026-03-25 |
| CVE-2025-14555 | Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Countdown Timer – Widget Countdown | CWE-79 | 6.4 | Medium | 2026-01-10 |
| CVE-2025-67574 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability | Booking calendar, Appointment Booking System | CWE-862 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-62886 | WordPress Pricing Table builder plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerability | Pricing Table builder | CWE-352 | 7.1 | High | 2025-10-27 |
| CVE-2025-2537 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library | YouTube Embed, Playlist and Popup by WpDevArt | CWE-79 | 6.4 | Medium | 2025-07-03 |
| CVE-2025-47443 | WordPress Widget Countdown plugin <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability | Widget Countdown | CWE-79 | 6.5 | Medium | 2025-05-07 |
| CVE-2025-24719 | WordPress Widget Countdown plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability | Widget Countdown | CWE-79 | 6.5 | Medium | 2025-01-24 |
| CVE-2024-12077 | Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' | Booking calendar, Appointment Booking System | CWE-79 | 6.1 | Medium | 2025-01-07 |
| CVE-2023-45631 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability | Responsive Image Gallery, Gallery Album | CWE-862 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-10856 | Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection | Booking calendar, Appointment Booking System | CWE-89 | 6.5 | Medium | 2024-12-24 |
| CVE-2023-24407 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability | Booking calendar, Appointment Booking System | CWE-862 | 5.0 | Medium | 2024-12-09 |
| CVE-2024-9504 | Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | Booking calendar, Appointment Booking System | CWE-434 | 7.2 | High | 2024-11-26 |
| CVE-2024-7355 | Organization chart <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters | Organization chart | CWE-79 | 4.9 | Medium | 2024-08-07 |
| CVE-2024-37542 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability | Responsive Image Gallery, Gallery Album | CWE-862 | 5.4 | Medium | 2024-07-06 |
| CVE-2024-35747 | WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability | Contact Form Builder, Contact Widget | CWE-307 | 5.3 | Medium | 2024-06-10 |
| CVE-2024-35750 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability | Responsive Image Gallery, Gallery Album | CWE-89 | 8.5 | High | 2024-06-08 |
| CVE-2023-49741 | WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability | Coming soon and Maintenance mode | CWE-290 | 3.7 | Low | 2024-06-04 |
| CVE-2023-24373 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability | Booking calendar, Appointment Booking System | CWE-472 | 3.7 | Low | 2024-06-03 |
| CVE-2024-30550 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | Responsive Image Gallery, Gallery Album | CWE-79 | 7.1 | High | 2024-03-31 |
| CVE-2024-31120 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability | Responsive Image Gallery, Gallery Album | CWE-79 | 6.5 | Medium | 2024-03-31 |
| CVE-2023-47533 | WordPress Countdown and CountUp, WooCommerce Sales Timer Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS) | Countdown and CountUp, WooCommerce Sales Timer | CWE-79 | 5.9 | Medium | 2023-11-14 |
| CVE-2022-47428 | WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.7 is vulnerable to SQL Injection | Booking calendar, Appointment Booking System | CWE-89 | 6.7 | Medium | 2023-11-06 |
| CVE-2023-46075 | WordPress Contact Form Builder, Contact Widget Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) | Contact Form Builder, Contact Widget | CWE-79 | 7.1 | High | 2023-10-26 |
| CVE-2023-45630 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) | Gallery – Image and Video Gallery with Thumbnails | CWE-79 | 7.1 | Medium | 2023-10-18 |
| CVE-2023-45629 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | Gallery – Image and Video Gallery with Thumbnails | CWE-352 | 5.4 | Medium | 2023-10-16 |
| CVE-2023-24387 | WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) | Organization chart | CWE-79 | 5.9 | Medium | 2023-04-06 |
| CVE-2023-24002 | WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS) | YouTube Embed, Playlist and Popup by WpDevArt | CWE-79 | 5.9 | Medium | 2023-04-06 |
| CVE-2023-24004 | WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) | Image and Video Lightbox, Image PopUp | CWE-79 | 5.9 | Medium | 2023-04-06 |
| CVE-2023-23870 | WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS) | Responsive Vertical Icon Menu | CWE-79 | 5.9 | Medium | 2023-04-04 |

This page lists every published CVE security advisory associated with WpDevArt. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.