Browse all 4 CVE security advisories affecting gtlwpdev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
gtlwpdev develops WordPress plugins primarily for enhancing website functionality and user engagement. Historically, its vulnerabilities have commonly included remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. The plugin's security posture has been marked by multiple CVEs, with RCE being particularly prevalent due to unsafe deserialization and direct file inclusion issues. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices, particularly in handling user-supplied data and maintaining proper privilege boundaries.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0816 | All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter | All push notification for WP | CWE-89 | 4.9 | Medium | 2026-02-04 |
| CVE-2025-32546 | WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | All push notification for WP | CWE-352 | 7.1 | High | 2025-04-17 |
| CVE-2025-32547 | WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerability | All push notification for WP | CWE-352 | 8.2 | High | 2025-04-09 |
| CVE-2025-25092 | WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability | All push notification for WP | CWE-79 | 7.1 | High | 2025-03-03 |
This page lists every published CVE security advisory associated with gtlwpdev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.