Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

e-plugins — Vulnerabilities & Security Advisories 32

Browse all 32 CVE security advisories affecting e-plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

e-plugins function as a comprehensive suite of WordPress extensions designed to enhance website functionality, including security, SEO, and performance optimization. With thirty-two recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws. These vulnerabilities predominantly involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation, often stemming from insufficient input validation and improper access controls within specific modules. While the platform offers robust features for site management, its attack surface has attracted significant attention from threat actors seeking to compromise underlying server infrastructure. Security audits highlight that many incidents result from outdated versions lacking recent patches. Consequently, administrators must prioritize regular updates and strict permission management to mitigate risks associated with these known weaknesses, ensuring the integrity of the hosted environment against potential exploitation.

Top products by e-plugins: WP Membership Directory Pro Institutions Directory Hotel Listing Lawyer Directory Hospital Doctor Directory ListingHub Real Estate Pro Final User JobBank fitness-trainer Listihub
CVE IDTitleCVSSSeverityPublished
CVE-2026-28127 WordPress Lawyer Directory plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability — Lawyer DirectoryCWE-79 7.1 High2026-03-05
CVE-2026-27396 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability — Directory ProCWE-862 7.3 High2026-03-05
CVE-2025-69193 WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability — WP MembershipCWE-862 7.3 High2026-01-22
CVE-2025-69192 WordPress Real Estate Pro plugin <= 2.1.5 - Broken Access Control vulnerability — Real Estate ProCWE-862 7.3 High2026-01-22
CVE-2025-69292 WordPress WP Membership plugin <= 1.6.4 - Privilege Escalation vulnerability — WP MembershipCWE-266 8.8 High2026-01-22
CVE-2025-69293 WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability — Final UserCWE-266 8.8 High2026-01-22
CVE-2025-69187 WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability — Final UserCWE-862 7.3 High2026-01-22
CVE-2025-69191 WordPress ListingHub plugin <= 1.2.7 - Broken Access Control vulnerability — ListingHubCWE-862 7.3 High2026-01-22
CVE-2025-69190 WordPress Listihub theme <= 1.0.6 - Broken Access Control vulnerability — ListihubCWE-862 7.3 High2026-01-22
CVE-2025-69188 WordPress fitness-trainer plugin <= 1.7.1 - Broken Access Control vulnerability — fitness-trainerCWE-862 7.3 High2026-01-22
CVE-2025-69184 WordPress Institutions Directory plugin <= 1.3.4 - Broken Access Control vulnerability — Institutions DirectoryCWE-862 7.3 High2026-01-22
CVE-2025-69183 WordPress Hospital Doctor Directory plugin <= 1.3.9 - Privilege Escalation vulnerability — Hospital Doctor DirectoryCWE-266 8.8 High2026-01-22
CVE-2025-69182 WordPress Institutions Directory plugin <= 1.3.4 - Privilege Escalation vulnerability — Institutions DirectoryCWE-266 8.8 High2026-01-22
CVE-2025-69185 WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability — Hotel ListingCWE-862 7.3 High2026-01-22
CVE-2025-69186 WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability — Hospital Doctor DirectoryCWE-862 7.3 High2026-01-22
CVE-2025-69181 WordPress Lawyer Directory plugin <= 1.3.4 - Broken Access Control vulnerability — Lawyer DirectoryCWE-862 7.3 High2026-01-22
CVE-2025-69056 WordPress Hotel Listing plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability — Hotel ListingCWE-79 7.1 High2026-01-22
CVE-2025-68059 WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability — Hotel ListingCWE-862 7.6 High2026-01-22
CVE-2025-68058 WordPress Institutions Directory plugin <= 1.3..4 - Broken Access Control vulnerability — Institutions DirectoryCWE-862 7.6 High2026-01-22
CVE-2025-68057 WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability — Hospital Doctor DirectoryCWE-862 7.6 High2026-01-22
CVE-2025-67967 WordPress Lawyer Directory plugin <= 1.3.3 - Broken Access Control vulnerability — Lawyer DirectoryCWE-862 7.6 High2026-01-22
CVE-2025-67966 WordPress Lawyer Directory plugin <= 1.3.3 - Privilege Escalation vulnerability — Lawyer DirectoryCWE-266 8.8 High2026-01-22
CVE-2025-12551 WordPress ListingHub plugin 1.2.6 - Cross Site Scripting (XSS) vulnerability — ListingHubCWE-79 7.1 High2026-01-08
CVE-2025-13504 WordPress Real Estate Pro plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Real Estate ProCWE-79 7.1 High2026-01-08
CVE-2025-69085 WordPress JobBank plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability — JobBankCWE-79 7.1 High2026-01-06
CVE-2025-58710 WordPress Hotel Listing plugin <= 1.4.0 - Privilege Escalation vulnerability — Hotel ListingCWE-266 8.8 High2025-12-18
CVE-2025-64243 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability — Directory ProCWE-862 4.3 Medium2025-12-16
CVE-2025-58638 WordPress Institutions Directory Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability — Institutions DirectoryCWE-79 7.1 High2025-11-06
CVE-2025-52748 WordPress Directory Pro plugin <= 2.5.5 - Cross Site Scripting (XSS) Vulnerability — Directory ProCWE-79 7.1 High2025-10-22
CVE-2025-57948 WordPress Directory Pro Plugin <= 2.5.5 - Cross Site Scripting (XSS) Vulnerability — Directory ProCWE-79 6.5 Medium2025-09-22

This page lists every published CVE security advisory associated with e-plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.