Browse all 4 CVE security advisories affecting helloprint. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Helloprint operates as a print-on-demand e-commerce platform enabling businesses to create and customize branded merchandise. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. These vulnerabilities often stem from insufficient input validation and improper access controls in web applications and APIs. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices and third-party component management, potentially exposing customer data and operational integrity to risk.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13666 | Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification — Plug your WooCommerce into the largest catalog of customized print products from HelloprintCWE-862 | 5.3 | Medium | 2025-12-06 |
| CVE-2025-26540 | WordPress Helloprint Plugin <= 2.0.7 - Arbitrary File Deletion vulnerability — HelloprintCWE-22 | 7.7 | High | 2025-03-03 |
| CVE-2025-26534 | WordPress Helloprint Plugin <= 2.0.7 - Arbitrary File Deletion vulnerability — HelloprintCWE-22 | 8.6 | High | 2025-03-03 |
| CVE-2024-50525 | WordPress Helloprint plugin <= 2.0.4 - Arbitrary File Upload vulnerability — HelloprintCWE-434 | 10.0 | Critical | 2024-11-04 |
This page lists every published CVE security advisory associated with helloprint. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.