Browse all 4 CVE security advisories affecting buildwps. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Buildwps is a WordPress website builder plugin that enables users to create custom pages through a drag-and-drop interface. Historically, it has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input validation and improper sanitization. The plugin's extensive permissions and integration with WordPress core have also led to privilege escalation vulnerabilities. While no major public incidents have been widely documented, its four CVEs indicate a consistent pattern of security weaknesses that could allow attackers to compromise websites, manipulate content, or gain elevated access if not properly maintained.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-3923 | Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure — Prevent Direct Access – Protect WordPress FilesCWE-200 | 5.3 | Medium | 2025-04-25 |
| CVE-2025-3861 | Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions — Prevent Direct Access – Protect WordPress FilesCWE-863 | 5.4 | Medium | 2025-04-25 |
| CVE-2024-11280 | PPWP – Password Protect Pages <= 1.9.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — PPWP – Password Protect PagesCWE-200 | 5.3 | Medium | 2024-12-17 |
| CVE-2024-0620 | PPWP – Password Protect Pages <= 1.8.9 - Protection Mechanism Bypass — PPWP – Password Protect PagesCWE-200 | 5.3 | Medium | 2024-02-20 |
This page lists every published CVE security advisory associated with buildwps. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.