Browse all 4 CVE security advisories affecting Extendons. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Extendons develops WordPress plugins primarily for enhancing website functionality through contact forms, sliders, and marketing tools. Historically, their plugins have been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input validation and improper sanitization. Several critical vulnerabilities allowed attackers to execute arbitrary code or steal sensitive user data. In 2021, a privilege escalation weakness in their Contact Form Builder plugin enabled unauthorized access to administrative functions. Despite patches, recurring security issues suggest inadequate secure coding practices, making their extensions frequent targets in WordPress exploitation campaigns.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54029 | WordPress WooCommerce csv import export Plugin <= 2.0.6 - Arbitrary File Deletion Vulnerability — WooCommerce csv import export (CWE-22) | 7.7 | High | 2025-08-28 |

This page lists every published CVE security advisory associated with Extendons. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.