Browse all 32 CVE security advisories affecting e-plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
e-plugins function as a comprehensive suite of WordPress extensions designed to enhance website functionality, including security, SEO, and performance optimization. With thirty-two recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws. These vulnerabilities predominantly involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation, often stemming from insufficient input validation and improper access controls within specific modules. While the platform offers robust features for site management, its attack surface has attracted significant attention from threat actors seeking to compromise underlying server infrastructure. Security audits highlight that many incidents result from outdated versions lacking recent patches. Consequently, administrators must prioritize regular updates and strict permission management to mitigate risks associated with these known weaknesses, ensuring the integrity of the hosted environment against potential exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54717 | WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability — WP MembershipCWE-862 | 5.4 | Medium | 2025-08-14 |
| CVE-2024-10547 | WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload — WP MembershipCWE-434 | 9.8 | Critical | 2024-11-09 |
This page lists every published CVE security advisory associated with e-plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.