
kraftplugins — Vulnerabilities & Security Advisories (9)

Browse all 9 CVE security advisories affecting kraftplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kraftplugins develops WordPress plugins primarily for e-commerce and marketing functionality, with 9 CVEs recorded to date. Historically, their plugins have frequently contained stored cross-site scripting (XSS) vulnerabilities and remote code execution (RCE) flaws, often due to insufficient input sanitization and improper file handling. Several critical issues allowed attackers to execute arbitrary code or escalate privileges through insecure direct object references. While no major public security incidents have been documented, their vulnerability history suggests consistent problems with access controls and data validation, requiring users to maintain strict versioning and apply patches promptly to mitigate risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-14478 | Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload | Demo Importer Plus | CWE-611 | 7.5 | High | 2026-01-17 |
| CVE-2025-14364 | Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation | Demo Importer Plus | CWE-862 | 8.8 | High | 2025-12-18 |
| CVE-2025-13066 | Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass | Demo Importer Plus | CWE-434 | 8.8 | High | 2025-12-05 |
| CVE-2025-8200 | Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget | Mega Elements – Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-09-26 |
| CVE-2024-9172 | Demo Importer Plus <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | Demo Importer Plus | CWE-79 | 6.4 | Medium | 2024-10-02 |
| CVE-2024-37466 | WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability | Mega Elements | CWE-79 | 6.5 | Medium | 2024-07-21 |
| CVE-2024-3627 | Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints | Wheel of Life: Coaching and Assessment Tool for Life Coach | CWE-862 | 5.4 | Medium | 2024-06-20 |
| CVE-2024-4702 | Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget | Mega Elements – Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-05-15 |
| CVE-2024-32575 | WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability | Mega Elements | CWE-79 | 6.5 | Medium | 2024-04-18 |

This page lists every published CVE security advisory associated with kraftplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.