Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

awordpresslife — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting awordpresslife. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Awordpresslife operates as a WordPress-focused resource providing themes, plugins, and development services. Historically, the project has been associated with multiple security vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls in its components. While no major public security incidents have been widely documented, the accumulation of 13 CVEs indicates a pattern of security weaknesses that require ongoing attention. Users should implement strict security measures when integrating these solutions into their environments, as the historical vulnerability profile suggests potential risks that could compromise website integrity and user data.

Top products by awordpresslife: Event Monster – Manager & Ticket Booking Formula Blog Filter Post Filtering Coming Soon Maintenance Mode Responsive Slideshow Modal Popup Box Grid Gallery for Images Photo Gallery for Images Portfolio Filter Gallery Album Gallery Neom Blog
CVE IDTitleCVSSSeverityPublished
CVE-2025-49274 WordPress Neom Blog theme <= 0.0.9 - Reflected Cross Site Scripting (XSS) vulnerability — Neom BlogCWE-79 7.1 High2025-07-04
CVE-2024-13833 Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta — Album GalleryCWE-502 7.2 High2025-03-01
CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export — Event Monster – Manager & Ticket BookingCWE-359 5.3 Medium2025-01-13
CVE-2024-6262 Portfolio Gallery – Image Gallery Plugin <= 1.6.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Portfolio Filter GalleryCWE-79 6.4 Medium2024-06-27
CVE-2024-5613 Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action — FormulaCWE-79 6.1 Medium2024-06-08
CVE-2024-5638 Formula <= 0.5.1 - Reflected Cross-Site Scripting via ti_customizer_notify_dismiss_recommended_plugins — FormulaCWE-79 6.1 Medium2024-06-08
CVE-2024-1897 Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode — Grid Gallery for ImagesCWE-502 7.5 High2024-05-02
CVE-2024-1896 Photo Gallery <= 1.4.2 - Authenticated(Contributor+) PHP Object Injection via Shortcode — Photo Gallery for ImagesCWE-502 7.5 High2024-05-02
CVE-2024-1895 Event Monster <= 1.3.9 - Authenticated(Contributor+) PHP Object Injection via Custom Meta — Event Monster – Manager & Ticket BookingCWE-502 7.5 High2024-04-30
CVE-2024-2008 Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode — Modal Popup BoxCWE-502 8.8 High2024-04-04
CVE-2024-1859 Slider Responsive Slideshow – Image slider, Gallery slideshow <= 1.3.8 - Authenticated (Contributor+) PHP Object Injection — Responsive SlideshowCWE-502 8.8 High2024-03-01
CVE-2024-1475 Coming Soon Maintenance Mode <= 1.0.5 - Information Exposure — Coming Soon Maintenance ModeCWE-284 5.3 Medium2024-02-20
CVE-2023-5291 Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Blog Filter Post FilteringCWE-79 6.4 Medium2023-10-04

This page lists every published CVE security advisory associated with awordpresslife. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.